Internet Engineering Task Force (IETF)                      P. Hunt, Ed.
Request for Comments: 7643                                        Oracle
Category: Standards Track                                     K. Grizzle
ISSN: 2070-1721                                                SailPoint
                                                           E. Wahlstroem
                                                        Nexus Technology
                                                            C. Mortimore
                                                              Salesforce
                                                          September 2015
        

System for Cross-domain Identity Management: Core Schema

Abstract

The System for Cross-domain Identity Management (SCIM) specifications are designed to make identity management in cloud-based applications and services easier. The specification suite builds upon experience with existing schemas and deployments, placing specific emphasis on simplicity of development and integration, while applying existing authentication, authorization, and privacy models. Its intent is to reduce the cost and complexity of user management operations by providing a common user schema and extension model as well as binding documents to provide patterns for exchanging this schema using HTTP.

This document provides a platform-neutral schema and extension model for representing users and groups and other resource types in JSON format. This schema is intended for exchange and use with cloud service providers.

Status of This Memo

This is an Internet Standards Track document.

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7643.

Copyright Notice

Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

   1. Introduction and Overview
      1.1. Requirements Notation and Conventions
      1.2. Definitions
   2. SCIM Schema
      2.1. Attributes
      2.2. Attribute Characteristics
      2.3. Attribute Data Types
           2.3.1. String
           2.3.2. Boolean
           2.3.3. Decimal
           2.3.4. Integer
           2.3.5. DateTime
           2.3.6. Binary
           2.3.7. Reference
           2.3.8. Complex
      2.4. Multi-Valued Attributes
      2.5. Unassigned and Null Values
   3. SCIM Resources
      3.1. Common Attributes
      3.2. Defining New Resource Types
      3.3. Attribute Extensions to Resources
   4. SCIM Core Resources and Extensions
      4.1. "User" Resource Schema
           4.1.1. Singular Attributes
           4.1.2. Multi-Valued Attributes
      4.2. "Group" Resource Schema
      4.3. Enterprise User Schema Extension
   5. Service Provider Configuration Schema
   6. ResourceType Schema
   7. Schema Definition
   8. JSON Representation
      8.1. Minimal User Representation
      8.2. Full User Representation
      8.3. Enterprise User Extension Representation
      8.4. Group Representation
      8.5. Service Provider Configuration Representation
      8.6. Resource Type Representation
      8.7. Schema Representation
           8.7.1. Resource Schema Representation
           8.7.2. Service Provider Schema Representation
   9. Security Considerations
      9.1. Protocol
      9.2. Passwords and Other Sensitive Security Data
      9.3. Privacy
   10. IANA Considerations
      10.1. Registration of SCIM URN Sub-namespace and SCIM Registry
      10.2. URN Sub-namespace for SCIM
           10.2.1. Specification Template
      10.3. Registering SCIM Schemas
           10.3.1. Registration Procedure
           10.3.2. Schema Registration Template
      10.4. Initial SCIM Schema Registry
   11. References
      11.1. Normative References
      11.2. Informative References
   Acknowledgements
   Authors' Addresses
        
1. Introduction and Overview

While there are existing standards for describing and exchanging user information, many of these standards can be difficult to implement and/or use; e.g., their wire protocols do not easily traverse firewalls and/or are not easily layered onto existing web protocols. As a result, many cloud providers implement non-standardized protocols for managing users within their services. This increases both the cost and complexity associated with organizations adopting products and services from multiple cloud providers, as they must perform redundant integration development. Similarly, cloud service providers seeking to interoperate with multiple application marketplaces or cloud identity providers would require pairwise integration.

SCIM seeks to simplify this problem through an easily implemented specification suite that provides a common user schema and extension model, as well as a SCIM protocol document that defines exchanging this schema via an HTTP-based protocol [RFC7644]. The SCIM specifications draw design input and feedback from existing identity-related protocols and schemas from a wide variety of sources including, but not limited to, existing services exposed by cloud providers, PortableContacts [PortableContacts], vCards [RFC6350], and Lightweight Directory Access Protocol (LDAP) directory services [RFC4512].

The SCIM protocol is an application-level protocol for provisioning and managing identity data specified through SCIM schemas. The protocol supports creation, modification, retrieval, and discovery of core identity resources such as Users and Groups, using a subset of the HTTP methods (GET for retrieval of resources; POST for creation, searching, and bulk modification; PUT for attribute replacement within resources; PATCH for partial update of attributes; and DELETE for removing resources).

While the SCIM protocol and core schema specifications are intended to cover point-to-point scenarios, implementers and deployers should consider multi-hop and multi-party scenarios such as a service provider acting as a general profile service for in-domain applications (e.g., a directory), as well as scenarios where a service provider in turn passes information to a third-party service provider by acting as either a SCIM client or a SCIM service provider. Implementers and deployers should carefully consider their service level agreements and privacy agreements when distributing or propagating personal information (see Section 9.3).

This document provides a JSON-based schema and extension model for representing users and groups, as well as service provider configuration. This schema is intended for exchange and use with cloud service providers and other cross-domain scenarios.

1.1. Requirements Notation and Conventions

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

The key words "REQUIRED" and "OPTIONAL" are used throughout this document to indicate whether an attribute or schema element is required or optional. These key words may be used alone (e.g., "REQUIRED.") or in a sentence. If not specified, an attribute is considered to be optional.

The word "DEFAULT" as used in Section 7 indicates that a "keyword" value for an attribute characteristic is the default behavior.

Throughout this document, values are quoted to indicate that they are to be taken literally. When using these values in protocol messages, the quotes MUST NOT be used as part of the value.

Throughout this document, figures may contain spaces and extra line wrapping to improve readability and accommodate space limitations. Similarly, some URIs contained within examples have been shortened for space and readability reasons.

1.2. Definitions

Service Provider
   An HTTP web application that provides identity information via the SCIM protocol.

Client
   A website or application that uses the SCIM protocol to manage identity data maintained by the service provider. The client initiates SCIM HTTP requests to a target service provider.

Provisioning Domain
   A provisioning domain is an administrative domain external to the domain of a service provider for legal or technical reasons. For example, a SCIM client in an enterprise (provisioning client) communicates with a SCIM service provider that is owned or controlled by a different legal entity.

Resource Type
   A type of a resource that is managed by a service provider. The resource type defines the resource name, endpoint URL, schemas, and other metadata that indicate where a resource is managed and how it is composed, e.g., "User" or "Group".

Resource
   An artifact that is managed by a service provider and that contains one or more attributes, e.g., "User" or "Group".

Endpoint
   An endpoint for a service provider is a defined base path relative to the service provider's Base URI (see Section 1.3 of [RFC7644]), over which SCIM operations may be performed against SCIM resources. For example, assuming that the service provider's Base URI is "https://example.com/", "User" resources may be accessed at the "https://example.com/Users" or "https://example.com/v2/Users" endpoint (see Section 3.13 of [RFC7644] for details regarding protocol versioning, e.g., 'v2'). Service provider schemas MAY be returned from the "/Schemas" endpoint.

Schema
   A collection of attribute definitions that describe the contents of an entire or partial resource, e.g., "urn:ietf:params:scim:schemas:core:2.0:User". The attribute definitions specify the name of the attribute, and metadata such as type (e.g., string, binary), cardinality (singular, multi, complex), mutability, and returnability.

Singular Attribute
   A resource attribute that contains 0..1 values, e.g., "displayName".

Multi-valued Attribute
   A resource attribute that contains 0..n values, e.g., "emails".

Simple Attribute
   A singular or multi-valued attribute whose value is a primitive, e.g., "String". A simple attribute MUST NOT contain sub-attributes.

Complex Attribute
   A singular or multi-valued attribute whose value is a composition of one or more simple attributes; e.g., "addresses" has the sub-attributes "streetAddress", "locality", "postalCode", and "country".

Sub-Attribute
   A simple attribute that is contained within a complex attribute.

2. SCIM Schema

A SCIM server provides a set of resources, the allowable contents of which are defined by a set of schema URIs and a resource type. SCIM's schema is not a document-centric one such as with [XML-Schema]. Instead, SCIM's support of schema is attribute based, where each attribute may have different type, mutability, cardinality, or returnability. Validation of documents and messages is always performed by an intended receiver, as specified by the SCIM specifications. Validation is performed by the receiver in the context of a SCIM protocol request (see [RFC7644]). For example, a SCIM service provider, upon receiving a request to replace an existing resource with a replacement JSON object, evaluates each asserted attribute based on its characteristics as defined in the relevant schema (e.g., mutability) and decides which attributes may be replaced or ignored.

This specification provides a minimal core schema for representing users and groups (resources), encompassing common attributes found in many existing deployments and schemas. In addition to the minimal core schema, this document also specifies a standardized means by which service providers may extend schemas to define new resources and attributes in both standardized and service-provider-specific cases.

Resources are categorized into common resource types such as "User" or "Group". Collections of resources of the same type are usually contained within the same "container" ("folder") endpoint.

2.1. Attributes

A resource is a collection of attributes identified by one or more schemas. Minimally, an attribute consists of the attribute name and at least one simple or complex value, either of which may be multi-valued. For each attribute, a SCIM schema defines the data type, plurality, mutability, and other distinguishing features of an attribute.

Attribute names are case insensitive and are often "camel-cased" (e.g., "camelCase"). SCIM resources are represented in JSON [RFC7159] format and MUST specify schema via the "schemas" attribute per Section 3.

Attribute names MUST conform to the following ABNF rules:

               ATTRNAME   = ALPHA *(nameChar)
               nameChar   = "$" / "-" / "_" / DIGIT / ALPHA
        

Figure 1: ABNF for Attribute Names

The above rules (and other rules in this specification) use the "Core Rules" from ABNF; see Appendix B of [RFC5234]. Unless otherwise specified in this document, all ABNF strings are case insensitive and the character set for these strings is US-ASCII. For example, all attribute names defined by the above rule are case insensitive.

When defining attribute names, it should be noted that the hyphen ("-") is not permitted in JavaScript attribute names (or in attribute names for some other languages). While there are no known issues within HTTP protocol and JSON notation, attribute names containing hyphens may need to be escaped when declaring corresponding names of JavaScript attributes.
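
The naming rules above (Figure 1 plus case-insensitive matching) as a receiver-side check; this is an added example, not part of the RFC. The function name `check_attribute_names`, the treatment of keys beginning with "urn:" as schema-extension containers, and the sample document are assumptions of the example.

```python
import json
import re

# Figure 1: ATTRNAME = ALPHA *(nameChar); nameChar = "$" / "-" / "_" / DIGIT / ALPHA
# fullmatch() is used so a trailing newline cannot slip past a "$" anchor.
ATTRNAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9$_-]*")

# "$ref" is used by the RFC's own schemas for reference sub-attributes but
# starts with "$", so it is allow-listed here instead of matched by Figure 1.
ALLOWED_EXCEPTIONS = {"$ref"}


def check_attribute_names(raw_json):
    """Parse a SCIM JSON document and return a sorted list of name problems.

    Reported: names that violate the ABNF, and names within one JSON object
    that are equal when compared case-insensitively. A plain json.loads()
    would keep both "userName" and "username" as separate keys, leaving it
    to later code to pick one.
    """
    problems = set()

    def inspect_object(pairs):
        seen = {}  # lowercased name -> first spelling seen in this object
        for name, _value in pairs:
            # Assumption of this example: a key starting with "urn:" is a
            # schema URN holding extension attributes, not an attribute name.
            if name.lower().startswith("urn:"):
                continue
            if name not in ALLOWED_EXCEPTIONS and not ATTRNAME_RE.fullmatch(name):
                problems.add(f"invalid attribute name: {name!r}")
            folded = name.lower()
            if folded in seen:
                problems.add(
                    f"case-insensitive duplicate: {seen[folded]!r} / {name!r}"
                )
            else:
                seen[folded] = name
        return dict(pairs)

    # object_pairs_hook sees every key of every object, including exact
    # duplicates that dict construction would silently collapse.
    json.loads(raw_json, object_pairs_hook=inspect_object)
    return sorted(problems)


# Constructed sample input (not taken from the RFC).
SAMPLE = """{
  "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
  "userName": "bjensen",
  "username": "other",
  "name": {"givenName": "Barbara", "given name": "B"},
  "x-nickName": "Babs",
  "1stLogin": "2008-01-23T04:56:22Z"
}"""

if __name__ == "__main__":
    for problem in check_attribute_names(SAMPLE):
        print(problem)
```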

2.2. Attribute Characteristics

All attributes have a set of characteristics that describe their type and handling by a service provider; full definitions may be found in Section 7. The characteristics include:

o "required",

o "canonicalValues",

o "caseExact",

o "mutability",

o "returned",

o "uniqueness", and

o "referenceTypes".

If not otherwise stated in Section 7, SCIM attributes have the following characteristics:

o "required" is "false" (i.e., not REQUIRED),

o "canonicalValues": none assigned (for example, the "type" sub-attribute as described in Section 2.4),

o "caseExact" is "false" (i.e., case-insensitive),

o "mutability" is "readWrite" (i.e., modifiable),

o "returned" is "default" (the attribute value is returned by default),

o "uniqueness" is "none" (has no uniqueness enforced), and

o "type" is "string" (Section 2.3.1).

2.3. Attribute Data Types

Attribute data types are derived from JSON [RFC7159]. The JSON format defines a limited set of data types; hence, where appropriate, alternate JSON representations derived from XML Schema [XML-Schema] are defined below. SCIM extensions SHOULD NOT introduce new data types.

Table 1 maps the following SCIM data types to their corresponding SCIM schema type and underlying JSON data type:

   +-----------+-------------+-----------------------------------------+
   | SCIM Data | SCIM Schema | JSON Type                               |
   | Type      | "type"      |                                         |
   +-----------+-------------+-----------------------------------------+
   | String    | "string"    | String per Section 7 of [RFC7159]       |
   |           |             |                                         |
   | Boolean   | "boolean"   | Value per Section 3 of [RFC7159]        |
   |           |             |                                         |
   | Decimal   | "decimal"   | Number per Section 6 of [RFC7159]       |
   |           |             |                                         |
   | Integer   | "integer"   | Number per Section 6 of [RFC7159]       |
   |           |             |                                         |
   | DateTime  | "dateTime"  | String per Section 7 of [RFC7159]       |
   |           |             |                                         |
   | Binary    | "binary"    | Binary value base64 encoded per Section |
   |           |             | 4 of [RFC4648], or with URL and         |
   |           |             | filename safe alphabet URL per Section  |
   |           |             | 5 of [RFC4648] that is passed as a JSON |
   |           |             | string per Section 7 of [RFC7159]       |
   |           |             |                                         |
   | Reference | "reference" | String per Section 7 of [RFC7159]       |
   |           |             |                                         |
   | Complex   | "complex"   | Object per Section 4 of [RFC7159]       |
   +-----------+-------------+-----------------------------------------+
        

Table 1: SCIM Data Type to JSON Representation

2.3.1. String

A sequence of zero or more Unicode characters encoded using UTF-8 as per [RFC2277] and [RFC3629]. The JSON format is defined in Section 7 of [RFC7159]. An attribute with SCIM schema type "string" MAY specify a required data format. Additionally, when "canonicalValues" is specified, service providers MAY restrict accepted values to the specified values.

2.3.2. Boolean

The literal "true" or "false". The JSON format is defined in Section 3 of [RFC7159]. A boolean has no case sensitivity or uniqueness.

2.3.3. Decimal

A real number with at least one digit to the left and right of the period. The JSON format is defined in Section 6 of [RFC7159]. A decimal has no case sensitivity.

2.3.4. Integer

A whole number with no fractional digits or decimal. The JSON format is defined in Section 6 of [RFC7159], with the additional constraint that the value MUST NOT contain fractional or exponent parts. An integer has no case sensitivity.

2.3.5. DateTime

A DateTime value (e.g., 2008-01-23T04:56:22Z). The attribute value MUST be encoded as a valid xsd:dateTime as specified in Section 3.3.7 of [XML-Schema] and MUST include both a date and a time. A date time format has no case sensitivity or uniqueness.

Values represented in JSON format MUST conform to the XML constraints above and are represented as a JSON string per Section 7 of [RFC7159].

2.3.6. Binary

Arbitrary binary data. The attribute value MUST be base64 encoded as specified in Section 4 of [RFC4648]. In cases where a URL-safe encoding is required, the attribute definition MAY specify that base64 URL encoding be used as per Section 5 of [RFC4648]. Unless otherwise specified in the attribute definition, trailing padding characters MAY be omitted ("=").

In JSON representation, the encoded values are represented as a JSON string per Section 7 of [RFC7159]. A binary is case exact and has no uniqueness.

2.3.7. Reference

A URI for a resource. A resource MAY be a SCIM resource, an external link to a resource (e.g., a photo), or an identifier such as a URN. The value MUST be the absolute or relative URI of the target resource. Relative URIs should be resolved as specified in Section 5.2 of [RFC3986]. However, the base URI for relative URI resolution MUST include all URI components and path segments up to, but not including, the Endpoint URI (the SCIM service provider root endpoint); e.g., the base URI for a request to "https://example.com/v2/Users/2819c223-7f76-453a-919d-413861904646" would be "https://example.com/v2/", and the relative URI for this resource would be "Users/2819c223-7f76-453a-919d-413861904646".

In JSON representation, the URI value is represented as a JSON string per Section 7 of [RFC7159]. A reference is case exact. A reference has a "referenceTypes" attribute that indicates what types of resources may be linked, as per Section 7 of this document.

A reference URI MUST be to an HTTP-addressable resource. An HTTP client performing a GET operation on a reference URI MUST receive the target resource or an appropriate HTTP response code. A SCIM service provider MAY choose to enforce referential integrity for reference types referring to SCIM resources.

By convention, a reference is commonly represented as a "$ref" sub-attribute in complex or multi-valued attributes; however, this is OPTIONAL.

2.3.8. Complex

A singular or multi-valued attribute whose value is a composition of one or more simple attributes. The JSON format is defined in Section 4 of [RFC7159]. The order of the component attributes is not significant. Servers and clients MUST NOT require or expect attributes to be in any specific order when an object is either generated or analyzed. A complex attribute has no uniqueness or case sensitivity. A complex attribute MUST NOT contain sub-attributes that have sub-attributes (i.e., that are complex).
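
The lexical rules of Sections 2.3.2 through 2.3.6 are easy to lose once a generic JSON parser has turned the wire text into native values, so the sketch below keeps number tokens as text and checks each type explicitly. It is an added example, not part of RFC 7643; the names `load_scim_json`, `conforms` and `decode_binary` are hypothetical, "decimal" is read literally (a period is required, an exponent is tolerated), and the dateTime pattern is a conservative subset of xsd:dateTime.

```python
import base64
import json
import re


class RawNumber(str):
    """A JSON number kept as its source text so its lexical form can be checked."""


def _no_constants(name):
    # Python's json module accepts NaN/Infinity by default; RFC 7159 numbers do not.
    raise ValueError(f"{name} is not a JSON number")


def load_scim_json(text):
    """Parse JSON but keep every number as the token that was on the wire."""
    return json.loads(text, parse_int=RawNumber, parse_float=RawNumber,
                      parse_constant=_no_constants)


_INTEGER = re.compile(r"-?(0|[1-9][0-9]*)")                        # no fraction, no exponent
_DECIMAL = re.compile(r"-?(0|[1-9][0-9]*)\.[0-9]+([eE][+-]?[0-9]+)?")
# Date AND time are required, the zone is optional. Not covered by this
# subset: 24:00:00, years beyond four digits, days-per-month checks.
_DATETIME = re.compile(
    r"[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[12][0-9]|3[01])"
    r"T([01][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9](\.[0-9]+)?"
    r"(Z|[+-](0[0-9]|1[0-3]):[0-5][0-9]|[+-]14:00)?"
)


def decode_binary(value, url_safe=False):
    """Decode a SCIM "binary" value; trailing "=" padding may be omitted."""
    if type(value) is not str:             # a JSON number such as 1234 is not binary
        raise ValueError("binary values are JSON strings")
    alphabet = "A-Za-z0-9_-" if url_safe else "A-Za-z0-9+/"
    if re.fullmatch(f"[{alphabet}]*={{0,2}}", value) is None:
        raise ValueError("character outside the expected base64 alphabet")
    body = value.rstrip("=")
    if len(body) % 4 == 1 or (len(body) != len(value) and len(value) % 4):
        raise ValueError("impossible base64 length or misplaced padding")
    # b64decode() insists on padding, so restore what the sender omitted.
    padded = body + "=" * (-len(body) % 4)
    # validate=True: without it, b64decode() silently skips foreign characters.
    # binascii.Error is a ValueError subclass, so callers catch one type.
    return base64.b64decode(padded, altchars=b"-_" if url_safe else None,
                            validate=True)


def conforms(scim_type, value, url_safe=False):
    """True if a value parsed by load_scim_json() fits the SCIM data type."""
    if scim_type == "boolean":
        return value is True or value is False
    if scim_type == "integer":             # bool is an int in Python; RawNumber avoids that trap
        return isinstance(value, RawNumber) and _INTEGER.fullmatch(value) is not None
    if scim_type == "decimal":
        return isinstance(value, RawNumber) and _DECIMAL.fullmatch(value) is not None
    if scim_type == "dateTime":
        return type(value) is str and _DATETIME.fullmatch(value) is not None
    if scim_type == "binary":
        try:
            decode_binary(value, url_safe)
        except ValueError:
            return False
        return True
    raise ValueError(f"unsupported SCIM type {scim_type!r}")


# Constructed sample document (not taken from RFC 7643).
SAMPLE = load_scim_json(
    '{"count": 42, "ratio": 42.0, "big": 1e3, "flag": true,'
    ' "created": "2008-01-23T04:56:22Z", "cert": "aGVsbG8"}'
)
```
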

2.4. Multi-Valued Attributes

Multi-valued attributes contain a list of elements using the JSON array format defined in Section 5 of [RFC7159]. Elements can be either of the following:

o primitive values, or

o objects with a set of sub-attributes and values, using the JSON object format defined in Section 4 of [RFC7159], in which case they SHALL be considered to be complex attributes. As with complex attributes, the order of sub-attributes is not significant. The predefined sub-attributes listed in this section can be used with multi-valued attribute objects, but these sub-attributes MUST be used with the meanings defined here.

If not otherwise defined, the default set of sub-attributes for a multi-valued attribute is as follows:

type
   A label indicating the attribute's function, e.g., "work" or "home".

primary
   A Boolean value indicating the 'primary' or preferred attribute value for this attribute, e.g., the preferred mailing address or the primary email address. The primary attribute value "true" MUST appear no more than once. If not specified, the value of "primary" SHALL be assumed to be "false".

display
   A human-readable name, primarily used for display purposes and having a mutability of "immutable".

value
   The attribute's significant value, e.g., email address, phone number.

$ref
   The reference URI of a target resource, if the attribute is a reference. URIs are canonicalized per Section 6.2 of [RFC3986]. While the representation of a resource may vary in different SCIM protocol API versions (see Section 3.13 of [RFC7644]), URIs for SCIM resources with an API version SHALL be considered comparable to URIs without a version or with a different version. For example, "https://example.com/Users/12345" is equivalent to "https://example.com/v2/Users/12345".

When returning multi-valued attributes, service providers SHOULD canonicalize the value returned (e.g., by returning a value for the sub-attribute "type", such as "home" or "work") when appropriate (e.g., for email addresses and URLs).

Service providers MAY return element objects with the same "value" sub-attribute more than once with a different "type" sub-attribute (e.g., the same email address may be used for work and home) but SHOULD NOT return the same (type, value) combination more than once per attribute, as this complicates processing by the client.

When defining schema for multi-valued attributes, it is considered a good practice to provide a type attribute that MAY be used for the purpose of canonicalization of values. In the schema definition for an attribute, the service provider MAY define the recommended canonical values (see Section 7).
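
A consumer that trusts "primary" or compares "$ref" values by plain string equality can pick the wrong element or miss that two URIs name the same resource. The following added example (not part of RFC 7643) checks the Section 2.4 rules for "primary" and (type, value), and builds a comparison key for "$ref" that also covers the relative-URI resolution of Section 2.3.7. The function names are hypothetical, and it assumes the service provider root sits at the host root with a version segment of the form "v2".

```python
import json
import re
from urllib.parse import urljoin, urlsplit

# Assumption: the API version, when present, is the first path segment and
# looks like "v2" (the form used in the page's example URIs).
_VERSION_SEGMENT = re.compile(r"v[0-9]+")
_DEFAULT_PORT = {"http": 80, "https": 443}


def ref_key(ref, base="https://example.com/v2/"):
    """Comparison key for a "$ref": resolved against the service provider
    root, scheme/host/port normalized, API version segment dropped."""
    parts = urlsplit(urljoin(base, ref))
    segments = parts.path.split("/")   # "/v2/Users/1" -> ["", "v2", "Users", "1"]
    if len(segments) > 2 and _VERSION_SEGMENT.fullmatch(segments[1]):
        del segments[1]
    port = None if parts.port == _DEFAULT_PORT.get(parts.scheme) else parts.port
    # The path stays case exact: only scheme and host are case-insensitive.
    return (parts.scheme, parts.hostname, port, "/".join(segments))


def check_multi_valued(elements):
    """Return (level, message) findings for one multi-valued attribute.
    "error" marks a MUST violation, "warning" a SHOULD NOT."""
    findings = []
    if not elements:                   # null, [] and absent are all "unassigned"
        return findings
    primaries, seen = [], {}
    for index, element in enumerate(elements):
        if not isinstance(element, dict):   # primitive element, no sub-attributes
            continue
        primary = element.get("primary", False)   # unspecified means false
        if not isinstance(primary, bool):
            findings.append(("error", f"element {index}: primary is not a Boolean"))
        elif primary:
            primaries.append(index)
        # The same value under another type is allowed; the same pair is not.
        key = (element.get("type"), json.dumps(element.get("value"), sort_keys=True))
        if key in seen:
            findings.append(("warning",
                             f"element {index} repeats (type, value) of element {seen[key]}"))
        seen.setdefault(key, index)
    if len(primaries) > 1:
        findings.append(("error", f"primary is true on elements {primaries}"))
    return findings


# Constructed sample data (not taken from RFC 7643).
EMAILS = [
    {"type": "work", "value": "bjensen@example.com", "primary": True},
    {"type": "home", "value": "bjensen@example.com"},
    {"type": "work", "value": "bjensen@example.com"},
    {"type": "other", "value": "babs@example.org", "primary": True},
]
```
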

2.5. Unassigned and Null Values

Unassigned attributes, the null value, or an empty array (in the case of a multi-valued attribute) SHALL be considered to be equivalent in "state". Assigning an attribute with the value "null" or an empty array (in the case of multi-valued attributes) has the effect of making the attribute "unassigned". When a resource is expressed in JSON format, unassigned attributes, although they are defined in schema, MAY be omitted for compactness.

3. SCIM Resources

Each SCIM resource is a JSON object that has the following components:

Resource Type
   Each resource (or JSON object) in SCIM has a resource type ("meta.resourceType"; see Section 3.1) that defines the resource's core attribute schema and any attribute extension schema, as well as the endpoint where objects of the same type may be found. More information about a resource MAY be found in its resource type definition (see Section 6).

"Schemas" Attribute
   The "schemas" attribute is a REQUIRED attribute and is an array of Strings containing URIs that are used to indicate the namespaces of the SCIM schemas that define the attributes present in the current JSON structure. This attribute may be used by parsers to define the attributes present in the JSON structure that is the body to an HTTP request or response. Each String value must be a unique URI. All representations of SCIM schemas MUST include a non-empty array with value(s) of the URIs supported by that representation. The "schemas" attribute for a resource MUST only contain values defined as "schema" and "schemaExtensions" for the resource's defined "resourceType". Duplicate values MUST NOT be included. Value order is not specified and MUST NOT impact behavior.

Common Attributes
   A resource's common attributes are those attributes that are part of every SCIM resource, regardless of the value of the "schemas" attribute present in a JSON body. These attributes are not defined in any particular schema but SHALL be assumed to be present in every resource, regardless of the value of the "schemas" attribute. See Section 3.1.

Core Attributes
   A resource's core attributes are those attributes that sit at the top level of the JSON object together with the common attributes (such as the resource "id"). The list of valid attributes is specified by the resource's resource type "schema" attribute (see Section 6). This same value is also present in the resource's "schemas" attribute.

Extended Attributes
   Extended schema attributes are specified by the resource's resource type "schemaExtensions" attribute (see Section 6). Unlike core attributes, extended attributes are kept in their own sub-attribute namespace identified by the schema extension URI. This avoids attribute name conflicts that may arise due to conflicts from separate schema extensions.

The following example "User" contains the common attributes "id" and "externalId", as well as the complex attribute "meta", which contains the sub-attribute "resourceType". The resource also contains core attributes "userName" and "name", as well as extended enterprise User attributes "employeeNumber" and "costCenter", which are contained in their own JSON substructure identified by their schema URI. Some values have been omitted (...), shortened, or spaced out for clarity.

   {
     "schemas":
       ["urn:ietf:params:scim:schemas:core:2.0:User",
         "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],

     "id": "2819c223-7f76-453a-413861904646",
     "externalId": "701984",

     "userName": "bjensen@example.com",
     "name": {
       "formatted": "Ms. Barbara J Jensen, III",
       "familyName": "Jensen",
       "givenName": "Barbara",
       "middleName": "Jane",
       "honorificPrefix": "Ms.",
       "honorificSuffix": "III"
     },
     ...

     "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
       "employeeNumber": "701984",
       "costCenter": "4130",
       ...
     },

     "meta": {
       "resourceType": "User",
       "created": "2010-01-23T04:56:22Z",
       "lastModified": "2011-05-13T04:42:34Z",
       "version": "W\/\"3694e05e9dff591\"",
       "location":
         "https://example.com/v2/Users/2819c223-7f76-453a-413861904646"
     }
   }

Figure 2: Example JSON Resource Structure

3.1. Common Attributes

Each SCIM resource (Users, Groups, etc.) includes the following common attributes. With the exception of the "ServiceProviderConfig" and "ResourceType" server discovery endpoints and their associated resources, these attributes MUST be defined for all resources, including any extended resource types. When accepted by a service provider (e.g., after a SCIM create), the attributes "id" and "meta" (and its associated sub-attributes) MUST be assigned values by the service provider. Common attributes are considered to be part of every base resource schema and do not use their own "schemas" URI.

For backward compatibility, some existing schema definitions MAY list common attributes as part of the schema. The attribute characteristics (see Section 2.2) listed here SHALL take precedence over older definitions that may be included in existing schemas.

id
   A unique identifier for a SCIM resource as defined by the service provider. Each representation of the resource MUST include a non-empty "id" value. This identifier MUST be unique across the SCIM service provider's entire set of resources. It MUST be a stable, non-reassignable identifier that does not change when the same resource is returned in subsequent requests. The value of the "id" attribute is always issued by the service provider and MUST NOT be specified by the client. The string "bulkId" is a reserved keyword and MUST NOT be used within any unique identifier value. The attribute characteristics are "caseExact" as "true", a mutability of "readOnly", and a "returned" characteristic of "always". See Section 9 for additional considerations regarding privacy.

externalId
   A String that is an identifier for the resource as defined by the provisioning client. The "externalId" may simplify identification of a resource between the provisioning client and the service provider by allowing the client to use a filter to locate the resource with an identifier from the provisioning domain, obviating the need to store a local mapping between the provisioning domain's identifier of the resource and the identifier used by the service provider. Each resource MAY include a non-empty "externalId" value. The value of the "externalId" attribute is always issued by the provisioning client and MUST NOT be specified by the service provider. The service provider MUST always interpret the externalId as scoped to the provisioning domain. While the server does not enforce uniqueness, it is assumed that the value's uniqueness is controlled by the client setting the value. See Section 9 for additional considerations regarding privacy. This attribute has "caseExact" as "true" and a mutability of "readWrite". This attribute is OPTIONAL.

meta
   A complex attribute containing resource metadata. All "meta" sub-attributes are assigned by the service provider (have a "mutability" of "readOnly"), and all of these sub-attributes have a "returned" characteristic of "default". This attribute SHALL be ignored when provided by clients. "meta" contains the following sub-attributes:

   resourceType
      The name of the resource type of the resource. This attribute has a mutability of "readOnly" and "caseExact" as "true".

   created
      The "DateTime" that the resource was added to the service provider. This attribute MUST be a DateTime.

   lastModified
      The most recent DateTime that the details of this resource were updated at the service provider. If this resource has never been modified since its initial creation, the value MUST be the same as the value of "created".

   location
      The URI of the resource being returned. This value MUST be the same as the "Content-Location" HTTP response header (see Section 3.1.4.2 of [RFC7231]).

   version
      The version of the resource being returned. This value must be the same as the entity-tag (ETag) HTTP response header (see Sections 2.1 and 2.3 of [RFC7232]). This attribute has "caseExact" as "true". Service provider support for this attribute is optional and subject to the service provider's support for versioning (see Section 3.14 of [RFC7644]). If a service provider provides "version" (entity-tag) for a representation and the generation of that entity-tag does not satisfy all of the characteristics of a strong validator (see Section 2.1 of [RFC7232]), then the origin server MUST mark the "version" (entity-tag) as weak by prefixing its opaque value with "W/" (case sensitive).

3.2. Defining New Resource Types

SCIM may be extended to define new classes of resources by defining a resource type. Each resource type defines the name, endpoint, base schema (the attributes), and any schema extensions registered for use with the resource type. In order to offer new types of resources, a service provider defines the new resource type as specified in Section 6 and defines a schema representation (see Section 8.7).

3.3. Attribute Extensions to Resources

SCIM allows resource types to have extensions in addition to their core schema. This is similar to how "objectClasses" are used in LDAP [RFC4512]. However, unlike LDAP, there is no inheritance model; all extensions are additive (similar to the LDAP auxiliary object class). Each value in the "schemas" attribute indicates additive schema that MAY exist in a SCIM resource representation. The "schemas" attribute MUST contain at least one value, which SHALL be the base schema for the resource. The "schemas" attribute MAY contain additional values indicating extended schemas that are in use. Schema extensions SHOULD avoid redefining any attributes defined in this specification and SHOULD follow conventions defined in this specification. Except for the base object schema, the schema extension URI SHALL be used as a JSON container to distinguish attributes belonging to the extension namespace from base schema attributes. See Figure 5, which is an example of the JSON representation of an enterprise User and is also an example of a User with extended schema.

In order to determine which URI value in the "schemas" attribute is the base schema and which is an extended schema for any given resource, the resource's "resourceType" attribute value MAY be used to retrieve the resource's "ResourceType" schema (see Section 6). See the "ResourceType" representation in Figure 8 for an example.
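
On the service provider side, the "schemas" rules of Sections 3 and 3.3 and the ownership rules of Section 3.1 ("id" and "meta" are issued by the service provider, never by the client) come together when a create request is accepted. The sketch below is an added example, not part of RFC 7643: `check_schemas` and `accept_create` are hypothetical names, the resource type definition and request body are constructed, and extension containers are assumed to be the top-level keys that start with "urn:".

```python
import copy
import uuid
from datetime import datetime, timezone

CORE_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
ENTERPRISE_USER = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"

# Constructed resource type definition (name, endpoint, base schema, extensions).
USER_RESOURCE_TYPE = {
    "name": "User",
    "endpoint": "/Users",
    "schema": CORE_USER,
    "schemaExtensions": [{"schema": ENTERPRISE_USER, "required": False}],
}


def check_schemas(resource, resource_type):
    """Return the problems found in a resource's "schemas" attribute."""
    schemas = resource.get("schemas")
    if not isinstance(schemas, list) or not schemas:
        return ['"schemas" must be a non-empty array']
    if not all(isinstance(uri, str) for uri in schemas):
        return ['"schemas" values must be strings']
    problems = []
    base = resource_type["schema"]
    extensions = {ext["schema"] for ext in resource_type.get("schemaExtensions", [])}
    if len(set(schemas)) != len(schemas):
        problems.append('"schemas" contains duplicate values')
    if base not in schemas:            # order is irrelevant, presence is not
        problems.append(f"base schema {base} is missing")
    for uri in sorted(set(schemas) - {base} - extensions):
        problems.append(f"{uri} is not defined for resource type {resource_type['name']}")
    for key, value in resource.items():
        # Assumption: extension containers are the top-level "urn:" keys.
        if key.lower().startswith("urn:") and isinstance(value, dict):
            if key not in extensions:
                problems.append(f"container for unknown extension {key}")
            elif key not in schemas:
                problems.append(f"extension {key} is used but not listed in schemas")
    return problems


def accept_create(resource, resource_type, base="https://example.com/v2"):
    """Validate a client-supplied resource, then issue "id" and "meta"."""
    problems = check_schemas(resource, resource_type)
    if problems:
        raise ValueError("; ".join(problems))
    # Client-supplied "id" and "meta" are dropped, never merged; "externalId"
    # is client-issued and kept as sent.
    stored = {k: copy.deepcopy(v) for k, v in resource.items()
              if k not in ("id", "meta")}
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    stored["id"] = str(uuid.uuid4())   # hex digits and "-" only, so never contains "bulkId"
    stored["meta"] = {
        "resourceType": resource_type["name"],
        "created": now,
        "lastModified": now,           # equals "created" until the first update
        "location": f"{base}{resource_type['endpoint']}/{stored['id']}",
    }
    return stored


# Constructed request body: the client tries to set "id" and "meta" itself.
CLIENT_BODY = {
    "schemas": [ENTERPRISE_USER, CORE_USER],
    "id": "chosen-by-client",
    "externalId": "701984",
    "userName": "bjensen@example.com",
    ENTERPRISE_USER: {"employeeNumber": "701984", "costCenter": "4130"},
    "meta": {"resourceType": "Group", "created": "1999-01-01T00:00:00Z"},
}
```
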

4. SCIM Core Resources and Extensions

This section defines the default resource schemas present in a SCIM server. SCIM is not exclusive to these resources and may be extended to support other resource types (see Section 3.2).

4.1. "User" Resource Schema

SCIM provides a resource type for "User" resources. The core schema for "User" is identified using the following schema URI: "urn:ietf:params:scim:schemas:core:2.0:User". The following attributes are defined in addition to the core schema attributes:

4.1.1. Singular Attributes

userName
   A service provider's unique identifier for the user, typically used by the user to directly authenticate to the service provider. Often displayed to the user as their unique identifier within the system (as opposed to "id" or "externalId", which are generally opaque and not user-friendly identifiers). Each User MUST include a non-empty userName value. This identifier MUST be unique across the service provider's entire set of Users. This attribute is REQUIRED and is case insensitive.

name
   The components of the user's name. Service providers MAY return just the full name as a single string in the formatted sub-attribute, or they MAY return just the individual component attributes using the other sub-attributes, or they MAY return both. If both variants are returned, they SHOULD be describing the same name, with the formatted name indicating how the component attributes should be combined.

   formatted
      The full name, including all middle names, titles, and suffixes as appropriate, formatted for display (e.g., "Ms. Barbara Jane Jensen, III").

   familyName
      The family name of the User, or last name in most Western languages (e.g., "Jensen" given the full name "Ms. Barbara Jane Jensen, III").

   givenName
      The given name of the User, or first name in most Western languages (e.g., "Barbara" given the full name "Ms. Barbara Jane Jensen, III").

   middleName
      The middle name(s) of the User (e.g., "Jane" given the full name "Ms. Barbara Jane Jensen, III").

   honorificPrefix
      The honorific prefix(es) of the User, or title in most Western languages (e.g., "Ms." given the full name "Ms. Barbara Jane Jensen, III").

   honorificSuffix
      The honorific suffix(es) of the User, or suffix in most Western languages (e.g., "III" given the full name "Ms. Barbara Jane Jensen, III").

displayName
   The name of the user, suitable for display to end-users. Each user returned MAY include a non-empty displayName value. The name SHOULD be the full name of the User being described, if known (e.g., "Babs Jensen" or "Ms. Barbara J Jensen, III") but MAY be a username or handle, if that is all that is available (e.g., "bjensen"). The value provided SHOULD be the primary textual label by which this User is normally displayed by the service provider when presenting it to end-users.

nickName
   The casual way to address the user in real life, e.g., "Bob" or "Bobby" instead of "Robert". This attribute SHOULD NOT be used to represent a User's username (e.g., bjensen or mpepperidge).

profileUrl
   A URI that is a uniform resource locator (as defined in Section 1.1.3 of [RFC3986]) and that points to a location representing the user's online profile (e.g., a web page). URIs are canonicalized per Section 6.2 of [RFC3986].

title
   The user's title, such as "Vice President".

userType
   Used to identify the relationship between the organization and the user. Typical values used might be "Contractor", "Employee", "Intern", "Temp", "External", and "Unknown", but any value may be used.

preferredLanguage
   Indicates the user's preferred written or spoken languages and is generally used for selecting a localized user interface. The value indicates the set of natural languages that are preferred. The format of the value is the same as the HTTP Accept-Language header field (not including "Accept-Language:") and is specified in Section 5.3.5 of [RFC7231]. The intent of this value is to enable cloud applications to perform matching of language tags [RFC4647] to the user's language preferences, regardless of what may be indicated by a user agent (which might be shared), or in an interaction that does not involve a user (such as in a delegated OAuth 2.0 [RFC6749] style interaction) where normal HTTP Accept-Language header negotiation cannot take place.

locale
   Used to indicate the User's default location for purposes of localizing such items as currency, date time format, or numerical representations. A valid value is a language tag as defined in [RFC5646]. Computer languages are explicitly excluded.

   A language tag is a sequence of one or more case-insensitive sub-tags, each separated by a hyphen character ("-", %x2D). For backward compatibility, servers MAY accept tags separated by an underscore character ("_", %x5F). In most cases, a language tag consists of a primary language sub-tag that identifies a broad family of related languages (e.g., "en" = English) and that is optionally followed by a series of sub-tags that refine or narrow that language's range (e.g., "en-CA" = the variety of English as communicated in Canada). Whitespace is not allowed within a language tag. Example tags include:

      fr, en-US, es-419, az-Arab, x-pig-latin, man-Nkoo-GN

   See [RFC5646] for further information.

timezone
   The User's time zone, in IANA Time Zone database format [RFC6557], also known as the "Olson" time zone database format [Olson-TZ] (e.g., "America/Los_Angeles").

active
   A Boolean value indicating the user's administrative status. The definitive meaning of this attribute is determined by the service provider. As a typical example, a value of true implies that the user is able to log in, while a value of false implies that the user's account has been suspended.

password
   This attribute is intended to be used as a means to set, replace, or compare (i.e., filter for equality) a password. The cleartext value or the hashed value of a password SHALL NOT be returnable by a service provider. If a service provider holds the value locally, the value SHOULD be hashed. When a password is set or changed by the client, the cleartext password SHOULD be processed by the service provider as follows:

   *  Prepare the cleartext value for international language comparison. See Section 7.8 of [RFC7644].

   *  Validate the value against server password policy. Note: The definition and enforcement of password policy are beyond the scope of this document.

   *  Ensure that the value is encrypted (e.g., hashed). See Section 9.2 for acceptable hashing and encryption handling when storing or persisting for provisioning workflow reasons.

   A service provider that immediately passes the cleartext value on to another system or programming interface MUST pass the value directly over a secured connection (e.g., Transport Layer Security (TLS)). If the value needs to be temporarily persisted for a period of time (e.g., because of a workflow) before provisioning, then the value MUST be protected by some method, such as encryption.

   Testing for an equality match MAY be supported if there is an existing stored hashed value. When testing for equality, the service provider:

   *  Prepares the filter value for international language comparison. See Section 7.8 of [RFC7644].

   *  Generates the salted hash of the filter value and tests for a match with the locally held value.

   The mutability of the password attribute is "writeOnly", indicating that the value MUST NOT be returned by a service provider in any form (the attribute characteristic "returned" is "never").
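
The password steps above (prepare, validate, hash on set; prepare and salted-hash compare on filter; never return) can be followed end to end in a few lines. This is an added example, not part of RFC 7643. The class and function names are hypothetical, the preparation step is an NFC-based approximation standing in for the rules the page delegates to Section 7.8 of [RFC7644], the 12-character policy is a constructed placeholder, and PBKDF2-HMAC-SHA256 with the shown iteration count is an assumed choice rather than one stated on this page.

```python
import hashlib
import hmac
import os
import unicodedata

MIN_LENGTH = 12        # constructed policy; the page leaves policy out of scope


def prepare(cleartext):
    """Approximate preparation for international comparison (assumption):
    map every Unicode space separator to U+0020, reject control and
    unassigned characters, then normalize to NFC."""
    if not isinstance(cleartext, str) or not cleartext:
        raise ValueError("password must be a non-empty string")
    mapped = "".join(" " if unicodedata.category(ch) == "Zs" else ch
                     for ch in cleartext)
    if any(unicodedata.category(ch) in ("Cc", "Cn") for ch in mapped):
        raise ValueError("password contains a disallowed character")
    return unicodedata.normalize("NFC", mapped)


def check_policy(prepared):
    if len(prepared) < MIN_LENGTH:
        raise ValueError("password does not meet the server policy")


class UserStore:
    """In-memory stand-in for a service provider's user table."""

    def __init__(self, iterations=600_000):
        self._iterations = iterations
        self._users = {}

    def _hash(self, prepared, salt):
        return hashlib.pbkdf2_hmac("sha256", prepared.encode("utf-8"),
                                   salt, self._iterations)

    def set_password(self, user_name, cleartext):
        prepared = prepare(cleartext)          # step 1: prepare
        check_policy(prepared)                 # step 2: validate against policy
        salt = os.urandom(16)                  # step 3: store only salt and hash
        record = self._users.setdefault(user_name, {"userName": user_name})
        record["password"] = (salt, self._hash(prepared, salt))

    def password_equals(self, user_name, filter_value):
        """Equality test: hash the prepared filter value with the stored salt."""
        stored = self._users.get(user_name, {}).get("password")
        if stored is None:
            return False
        try:
            prepared = prepare(filter_value)
        except ValueError:
            return False
        salt, digest = stored
        # Constant-time comparison of the two digests.
        return hmac.compare_digest(self._hash(prepared, salt), digest)

    def to_response(self, user_name):
        """Representation sent to clients: "password" has returned = "never",
        so neither the cleartext nor the hash leaves the store."""
        return {key: value for key, value in self._users[user_name].items()
                if key != "password"}
```
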

4.1.2. Multi-Valued Attributes

The following multi-valued attributes are defined.

emails Email addresses for the User. The value SHOULD be specified according to [RFC5321]. Service providers SHOULD canonicalize the value according to [RFC5321], e.g., "bjensen@example.com" instead of "bjensen@EXAMPLE.COM". The "display" sub-attribute MAY be used to return the canonicalized representation of the email value. The "type" sub-attribute is used to provide a classification meaningful to the (human) user. The user interface should encourage the use of basic values of "work", "home", and "other" and MAY allow additional type values to be used at the discretion of SCIM clients.

phoneNumbers Phone numbers for the user. The value SHOULD be specified according to the format defined in [RFC3966], e.g., 'tel:+1-201-555-0123'. Service providers SHOULD canonicalize the value according to [RFC3966] format, when appropriate. The "display" sub-attribute MAY be used to return the canonicalized representation of the phone number value. The sub-attribute "type" often has typical values of "work", "home", "mobile", "fax", "pager", and "other" and MAY allow more types to be defined by the SCIM clients.

ims Instant messaging address for the user. No official canonicalization rules exist for all instant messaging addresses, but service providers SHOULD, when appropriate, remove all whitespace and convert the address to lowercase. The "type" sub-attribute SHOULD take one of the following values: "aim", "gtalk", "icq", "xmpp", "msn", "skype", "qq", "yahoo", or "other" (representing currently popular IM services at the time of this writing). Service providers MAY add further values if new IM services are introduced and MAY specify more detailed canonicalization rules for each possible value.

photos A URI that is a uniform resource locator (as defined in Section 1.1.3 of [RFC3986]) that points to a resource location representing the user's image. The resource MUST be a file (e.g., a GIF, JPEG, or PNG image file) rather than a web page containing an image. Service providers MAY return the same image in different sizes, although it is recognized that no standard for describing images of various sizes currently exists. Note that this attribute SHOULD NOT be used to send down arbitrary photos taken by this user; instead, profile photos of the user that are suitable for display when describing the user should be sent. Instead of the standard canonical values for type, this attribute defines the following canonical values to represent popular photo sizes: "photo" and "thumbnail".

addresses A physical mailing address for this user. Canonical type values of "work", "home", and "other". This attribute is a complex type with the following sub-attributes. All sub-attributes are OPTIONAL.

formatted The full mailing address, formatted for display or use with a mailing label. This attribute MAY contain newlines.

streetAddress The full street address component, which may include house number, street name, P.O. box, and multi-line extended street address information. This attribute MAY contain newlines.

locality The city or locality component.

region The state or region component.

postalCode The zip code or postal code component.

country The country name component. When specified, the value MUST be in ISO 3166-1 "alpha-2" code format [ISO3166]; e.g., the United States and Sweden are "US" and "SE", respectively.

groups A list of groups to which the user belongs, either through direct membership, through nested groups, or dynamically calculated. The values are meant to enable expression of common group-based or role-based access control models, although no explicit authorization model is defined. It is intended that the semantics of group membership and any behavior or authorization granted as a result of membership are defined by the service provider. The canonical types "direct" and "indirect" are defined to describe how the group membership was derived. Direct group membership indicates that the user is directly associated with the group and SHOULD indicate that clients may modify membership through the "Group" resource. Indirect membership indicates that user membership is transitive or dynamic and implies that clients cannot modify indirect group membership through the "Group" resource but MAY modify direct group membership through the "Group" resource, which may influence indirect memberships. If the SCIM service provider exposes a "Group" resource, the "value" sub-attribute MUST be the "id", and the "$ref" sub-attribute must be the URI of the corresponding "Group" resources to which the user belongs. Since this attribute has a mutability of "readOnly", group membership changes MUST be applied via the "Group" Resource (Section 4.2). This attribute has a mutability of "readOnly".

entitlements A list of entitlements for the user that represent a thing the user has. An entitlement may be an additional right to a thing, object, or service. No vocabulary or syntax is specified; service providers and clients are expected to encode sufficient information in the value so as to accurately and without ambiguity determine what the user has access to. This value has no canonical types, although a type may be useful as a means to scope entitlements.

roles A list of roles for the user that collectively represent who the user is, e.g., "Student", "Faculty". No vocabulary or syntax is specified, although it is expected that a role value is a String or label representing a collection of entitlements. This value has no canonical types.

x509Certificates A list of certificates associated with the resource (e.g., a User). Each value contains exactly one DER-encoded X.509 certificate (see Section 4 of [RFC5280]), which MUST be base64 encoded per Section 4 of [RFC4648]. A single value MUST NOT contain multiple certificates and so does not contain the encoding "SEQUENCE OF Certificate" in any guise.
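A structural check for the rule above, as an added example (not part of the RFC text): it decodes the base64 value strictly, then walks the outer DER element to confirm the value holds exactly one certificate-shaped object, with no trailing bytes and no "SEQUENCE OF Certificate" wrapper. It does not verify signatures or certification paths; the function names and the constructed sample are assumptions of this sketch.

```python
import base64
import binascii

SEQUENCE, BIT_STRING = 0x30, 0x03


class CertValueError(ValueError):
    """The x509Certificates value is not one well-formed DER certificate."""


def read_tlv(buf: bytes, pos: int, limit: int):
    """Parse one DER tag-length-value at pos; return (tag, start, end) of its content."""
    if pos + 2 > limit:
        raise CertValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if tag & 0x1F == 0x1F:
        raise CertValueError("multi-byte tag not expected here")
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > limit:
            raise CertValueError("indefinite, oversized or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if buf[pos] == 0 or length < 0x80:
            raise CertValueError("length is not minimally encoded (not DER)")
        pos += n
    if pos + length > limit:
        raise CertValueError("content runs past the enclosing element")
    return tag, pos, pos + length


def child_tags(buf: bytes, start: int, end: int) -> list:
    """Tags of the elements directly inside the content range [start, end)."""
    tags = []
    while start < end:
        tag, _, start = read_tlv(buf, start, end)
        tags.append(tag)
    return tags


def decode_single_certificate(value: str) -> bytes:
    """Return the DER bytes if value is exactly one certificate-shaped object."""
    try:
        der_bytes = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise CertValueError(f"not base64 per RFC 4648 section 4: {exc}") from None
    tag, start, end = read_tlv(der_bytes, 0, len(der_bytes))
    if tag != SEQUENCE:
        raise CertValueError("outer element is not a SEQUENCE")
    if end != len(der_bytes):
        raise CertValueError("trailing bytes after the first object")
    # Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    # A SEQUENCE OF Certificate would contain only SEQUENCE children.
    if child_tags(der_bytes, start, end) != [SEQUENCE, SEQUENCE, BIT_STRING]:
        raise CertValueError("outer SEQUENCE does not have the shape of one Certificate")
    return der_bytes


def der(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV; used only to build the constructed samples below."""
    n = len(content)
    if n < 0x80:
        head = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        head = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + content


# Constructed sample: a certificate-shaped skeleton, not a real certificate.
CONSTRUCTED_CERT = der(SEQUENCE, der(SEQUENCE, der(0x04, bytes(200)))
                       + der(SEQUENCE, b"") + der(BIT_STRING, b"\x00"))
GOOD_VALUE = base64.b64encode(CONSTRUCTED_CERT).decode("ascii")
CONCATENATED = base64.b64encode(CONSTRUCTED_CERT * 2).decode("ascii")
SEQUENCE_OF = base64.b64encode(der(SEQUENCE, CONSTRUCTED_CERT * 2)).decode("ascii")
```
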

4.2. "Group" Resource Schema

SCIM provides a schema for representing groups, identified using the following schema URI: "urn:ietf:params:scim:schemas:core:2.0:Group".

"Group" resources are meant to enable expression of common group-based or role-based access control models, although no explicit authorization model is defined. It is intended that the semantics of group membership, and any behavior or authorization granted as a result of membership, are defined by the service provider; these are considered out of scope for this specification.

The following singular attribute is defined in addition to the common attributes defined in the SCIM core schema:

displayName A human-readable name for the Group. REQUIRED.

The following multi-valued attribute is defined in addition to the common attributes defined in the SCIM core schema:

members A list of members of the Group. While values MAY be added or removed, sub-attributes of members are "immutable". The "value" sub-attribute contains the value of an "id" attribute of a SCIM resource, and the "$ref" sub-attribute must be the URI of a SCIM resource such as a "User", or a "Group". The intention of the "Group" type is to allow the service provider to support nested groups. Service providers MAY require clients to provide a non-empty value by setting the "required" attribute characteristic of a sub-attribute of the "members" attribute in the "Group" resource schema.

4.3. Enterprise User Schema Extension

The following SCIM extension defines attributes commonly used in representing users that belong to, or act on behalf of, a business or enterprise. The enterprise User extension is identified using the following schema URI: "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User".

The following singular attributes are defined:

employeeNumber A string identifier, typically numeric or alphanumeric, assigned to a person, typically based on order of hire or association with an organization.

costCenter Identifies the name of a cost center.

organization Identifies the name of an organization.

division Identifies the name of a division.

department Identifies the name of a department.

manager The user's manager. A complex type that optionally allows service providers to represent organizational hierarchy by referencing the "id" attribute of another User.

value The "id" of the SCIM resource representing the user's manager. RECOMMENDED.

$ref The URI of the SCIM resource representing the User's manager. RECOMMENDED.

displayName The displayName of the user's manager. This attribute is OPTIONAL, and mutability is "readOnly".

5. Service Provider Configuration Schema

SCIM provides a schema for representing the service provider's configuration, identified using the following schema URI: "urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig".

The service provider configuration resource enables a service provider to discover SCIM specification features in a standardized form as well as provide additional implementation details to clients. All attributes have a mutability of "readOnly". Unlike other core resources, the "id" attribute is not required for the service provider configuration resource.

The following singular attributes are defined in addition to the common attributes defined in the core schema:

documentationUri An HTTP-addressable URL pointing to the service provider's human-consumable help documentation. OPTIONAL.

patch A complex type that specifies PATCH configuration options. REQUIRED. See Section 3.5.2 of [RFC7644].

supported A Boolean value specifying whether or not the operation is supported. REQUIRED.

bulk A complex type that specifies bulk configuration options. See Section 3.7 of [RFC7644]. REQUIRED.

supported A Boolean value specifying whether or not the operation is supported. REQUIRED.

maxOperations An integer value specifying the maximum number of operations. REQUIRED.

maxPayloadSize An integer value specifying the maximum payload size in bytes. REQUIRED.

filter A complex type that specifies FILTER options. REQUIRED. See Section 3.4.2.2 of [RFC7644].

supported A Boolean value specifying whether or not the operation is supported. REQUIRED.

maxResults An integer value specifying the maximum number of resources returned in a response. REQUIRED.

changePassword A complex type that specifies configuration options related to changing a password. REQUIRED.

supported A Boolean value specifying whether or not the operation is supported. REQUIRED.

sort A complex type that specifies Sort configuration options. REQUIRED.

supported A Boolean value specifying whether or not sorting is supported. REQUIRED.

etag A complex type that specifies ETag configuration options. REQUIRED.

supported A Boolean value specifying whether or not the operation is supported. REQUIRED.

The following multi-valued attribute is defined in addition to the common attributes defined in the core schema:

authenticationSchemes A multi-valued complex type that specifies supported authentication scheme properties. To enable seamless discovery of configurations, the service provider SHOULD, with the appropriate security considerations, make the authenticationSchemes attribute publicly accessible without prior authentication. REQUIRED. The following sub-attributes are defined:

type The authentication scheme. This specification defines the values "oauth", "oauth2", "oauthbearertoken", "httpbasic", and "httpdigest". REQUIRED.

name The common authentication scheme name, e.g., HTTP Basic. REQUIRED.

description A description of the authentication scheme. REQUIRED.

specUri An HTTP-addressable URL pointing to the authentication scheme's specification. OPTIONAL.

documentationUri An HTTP-addressable URL pointing to the authentication scheme's usage documentation. OPTIONAL.

6. ResourceType Schema

The "ResourceType" schema specifies the metadata about a resource type. Resource type resources are READ-ONLY and identified using the following schema URI: "urn:ietf:params:scim:schemas:core:2.0:ResourceType". Unlike other core resources, all attributes are REQUIRED unless otherwise specified. The "id" attribute is not required for the resource type resource.

The following singular attributes are defined:

id The resource type's server unique id. This is often the same value as the "name" attribute. OPTIONAL.

name The resource type name. When applicable, service providers MUST specify the name, e.g., "User" or "Group". This name is referenced by the "meta.resourceType" attribute in all resources. REQUIRED.

description The resource type's human-readable description. When applicable, service providers MUST specify the description. OPTIONAL.

endpoint The resource type's HTTP-addressable endpoint relative to the Base URL of the service provider, e.g., "Users". REQUIRED.

schema The resource type's primary/base schema URI, e.g., "urn:ietf:params:scim:schemas:core:2.0:User". This MUST be equal to the "id" attribute of the associated "Schema" resource. REQUIRED.

schemaExtensions A list of URIs of the resource type's schema extensions. OPTIONAL.

schema The URI of an extended schema, e.g., "urn:edu:2.0:Staff". This MUST be equal to the "id" attribute of a "Schema" resource. REQUIRED.

required A Boolean value that specifies whether or not the schema extension is required for the resource type. If true, a resource of this type MUST include this schema extension and also include any attributes declared as required in this schema extension. If false, a resource of this type MAY omit this schema extension. REQUIRED.

7. Schema Definition

This section defines a way to specify the schema in use by resources available and accepted by a SCIM service provider. For each "schemas" URI value, this schema specifies the defined attribute(s) and their characteristics (mutability, returnability, etc). For every schema URI used in a resource object, there is a corresponding "Schema" resource. "Schema" resources are not modifiable, and their associated attributes have a mutability of "readOnly". Except for "id" (which is always returned), all attributes have a "returned" characteristic of "default". Unless otherwise specified, all schema attributes are case insensitive. These resources have a "schemas" attribute with the following schema URI:

   urn:ietf:params:scim:schemas:core:2.0:Schema
        

Unlike other core resources, the "Schema" resource MAY contain a complex object within a sub-attribute, and all attributes are REQUIRED unless otherwise specified.

The following singular attributes are defined:

id The unique URI of the schema. When applicable, service providers MUST specify the URI, e.g., "urn:ietf:params:scim:schemas:core:2.0:User". Unlike most other schemas, which use some sort of Globally Unique Identifier (GUID) for the "id", the schema "id" is a URI so that it can be registered and is portable between different service providers and clients. REQUIRED.

name The schema's human-readable name. When applicable, service providers MUST specify the name, e.g., "User" or "Group". OPTIONAL.

description The schema's human-readable description. When applicable, service providers MUST specify the description. OPTIONAL.

The following multi-valued attribute is defined:

attributes A complex type that defines service provider attributes and their qualities via the following set of sub-attributes:

name The attribute's name.

type The attribute's data type. Valid values are "string", "boolean", "decimal", "integer", "dateTime", "reference", and "complex". When an attribute is of type "complex", there SHOULD be a corresponding schema attribute "subAttributes" defined, listing the sub-attributes of the attribute.

subAttributes When an attribute is of type "complex", "subAttributes" defines a set of sub-attributes. "subAttributes" has the same schema sub-attributes as "attributes".

multiValued A Boolean value indicating the attribute's plurality.

description The attribute's human-readable description. When applicable, service providers MUST specify the description.

required A Boolean value that specifies whether or not the attribute is required.

canonicalValues A collection of suggested canonical values that MAY be used (e.g., "work" and "home"). In some cases, service providers MAY choose to ignore unsupported values. OPTIONAL.

caseExact A Boolean value that specifies whether or not a string attribute is case sensitive. The server SHALL use case sensitivity when evaluating filters. For attributes that are case exact, the server SHALL preserve case for any value submitted. If the attribute is case insensitive, the server MAY alter case for a submitted value. Case sensitivity also impacts how attribute values MAY be compared against filter values (see Section 3.4.2.2 of [RFC7644]).

mutability A single keyword indicating the circumstances under which the value of the attribute can be (re)defined:

readOnly The attribute SHALL NOT be modified.

readWrite The attribute MAY be updated and read at any time. This is the default value.

immutable The attribute MAY be defined at resource creation (e.g., POST) or at record replacement via a request (e.g., a PUT). The attribute SHALL NOT be updated.

writeOnly The attribute MAY be updated at any time. Attribute values SHALL NOT be returned (e.g., because the value is a stored hash). Note: An attribute with a mutability of "writeOnly" usually also has a returned setting of "never".

returned A single keyword that indicates when an attribute and associated values are returned in response to a GET request or in response to a PUT, POST, or PATCH request. Valid keywords are as follows:

always The attribute is always returned, regardless of the contents of the "attributes" parameter. For example, "id" is always returned to identify a SCIM resource.

never The attribute is never returned. This may occur because the original attribute value (e.g., a hashed value) is not retained by the service provider. A service provider MAY allow attributes to be used in a search filter.

default The attribute is returned by default in all SCIM operation responses where attribute values are returned. If the GET request "attributes" parameter is specified, attribute values are only returned if the attribute is named in the "attributes" parameter. DEFAULT.

request The attribute is returned in response to any PUT, POST, or PATCH operations if the attribute was specified by the client (for example, the attribute was modified). The attribute is returned in a SCIM query operation only if specified in the "attributes" parameter.

uniqueness A single keyword value that specifies how the service provider enforces uniqueness of attribute values. A server MAY reject an invalid value based on uniqueness by returning HTTP response code 400 (Bad Request). A client MAY enforce uniqueness on the client side to a greater degree than the service provider enforces. For example, a client could make a value unique while the server has uniqueness of "none". Valid keywords are as follows:

none The values are not intended to be unique in any way. DEFAULT.

server The value SHOULD be unique within the context of the current SCIM endpoint (or tenancy) and MAY be globally unique (e.g., a "username", email address, or other server-generated key or counter). No two resources on the same server SHOULD possess the same value.

global The value SHOULD be globally unique (e.g., an email address, a GUID, or other value). No two resources on any server SHOULD possess the same value.

referenceTypes A multi-valued array of JSON strings that indicate the SCIM resource types that may be referenced. Valid values are as follows:

+ A SCIM resource type (e.g., "User" or "Group"),

+ "external" - indicating that the resource is an external resource (e.g., a photo), or

+ "uri" - indicating that the reference is to a service endpoint or an identifier (e.g., a schema URN).

This attribute is only applicable for attributes that are of type "reference" (Section 2.3.7).
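How a service provider might enforce the "mutability" and "returned" characteristics defined above, as an added example (not part of the RFC text). The schema fragment is constructed: "badgeId" is a hypothetical attribute, attributes missing from the schema are dropped or blocked as a fail-closed choice, and "immutable" is treated here as "may be set when absent, may not change once set".

```python
# Constructed schema fragment; only the two characteristics used below are listed.
SCHEMA = {
    "id":       {"mutability": "readOnly",  "returned": "always"},
    "userName": {"mutability": "readWrite", "returned": "default"},
    "password": {"mutability": "writeOnly", "returned": "never"},
    "groups":   {"mutability": "readOnly",  "returned": "default"},
    "badgeId":  {"mutability": "immutable", "returned": "request"},  # hypothetical
}


def project(resource, schema, attributes=None, written=None):
    """Build the response body for a stored resource.

    attributes: names from the "attributes" request parameter, or None.
    written:    names the client sent in a PUT/POST/PATCH, or None for a GET.
    """
    rules = {name.lower(): spec for name, spec in schema.items()}
    asked = None if attributes is None else {a.lower() for a in attributes}
    sent = {w.lower() for w in (written or ())}
    out = {}
    for name, value in resource.items():
        key = name.lower()  # attribute names are case insensitive
        spec = rules.get(key)
        if spec is None:
            continue  # not described by the schema: do not leak it
        returned = spec.get("returned", "default")
        if returned == "always":
            keep = True
        elif returned == "never":
            keep = False  # e.g. password, even if explicitly requested
        elif returned == "request":
            keep = key in sent or (asked is not None and key in asked)
        else:  # "default"
            keep = asked is None or key in asked
        if keep:
            out[name] = value
    return out


def blocked_writes(stored, incoming, schema):
    """Names in a client payload whose change the server must not apply."""
    rules = {name.lower(): spec for name, spec in schema.items()}
    current = {name.lower(): value for name, value in stored.items()}
    blocked = []
    for name, value in incoming.items():
        key = name.lower()
        spec = rules.get(key)
        if spec is None:
            blocked.append(name)
            continue
        mutability = spec.get("mutability", "readWrite")
        old = current.get(key)
        if mutability == "readOnly" and value != old:
            blocked.append(name)
        elif mutability == "immutable" and old is not None and value != old:
            blocked.append(name)
    return sorted(blocked)
```

Whether a blocked name is silently ignored or rejected with an error is left to the caller.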

8. JSON Representation
8.1. Minimal User Representation

The following is a non-normative example of the minimal required SCIM representation in JSON format.

{
  "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
  "id": "2819c223-7f76-453a-919d-413861904646",
  "userName": "bjensen@example.com",
  "meta": {
    "resourceType": "User",
    "created": "2010-01-23T04:56:22Z",
    "lastModified": "2011-05-13T04:42:34Z",
    "version": "W\/\"3694e05e9dff590\"",
    "location":
     "https://example.com/v2/Users/2819c223-7f76-453a-919d-413861904646"
  }
}
        

Figure 3: Example Minimal User JSON Representation

8.2. Full User Representation

The following is a non-normative example of the fully populated SCIM representation in JSON format.

{
  "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
  "id": "2819c223-7f76-453a-919d-413861904646",
  "externalId": "701984",
  "userName": "bjensen@example.com",
  "name": {
    "formatted": "Ms. Barbara J Jensen, III",
    "familyName": "Jensen",
    "givenName": "Barbara",
    "middleName": "Jane",
    "honorificPrefix": "Ms.",
    "honorificSuffix": "III"
  },
  "displayName": "Babs Jensen",
  "nickName": "Babs",
  "profileUrl": "https://login.example.com/bjensen",
  "emails": [
    {
      "value": "bjensen@example.com",
      "type": "work",
      "primary": true
    },
    {
      "value": "babs@jensen.org",
      "type": "home"
    }
  ],
  "addresses": [
    {
      "type": "work",
      "streetAddress": "100 Universal City Plaza",
      "locality": "Hollywood",
      "region": "CA",
      "postalCode": "91608",
      "country": "US",
      "formatted": "100 Universal City Plaza\nHollywood, CA 91608 USA",
      "primary": true
    },
        
    {
      "type": "home",
      "streetAddress": "456 Hollywood Blvd",
      "locality": "Hollywood",
      "region": "CA",
      "postalCode": "91608",
      "country": "US",
      "formatted": "456 Hollywood Blvd\nHollywood, CA 91608 USA"
    }
  ],
  "phoneNumbers": [
    {
      "value": "555-555-5555",
      "type": "work"
    },
    {
      "value": "555-555-4444",
      "type": "mobile"
    }
  ],
  "ims": [
    {
      "value": "someaimhandle",
      "type": "aim"
    }
  ],
  "photos": [
    {
      "value":
        "https://photos.example.com/profilephoto/72930000000Ccne/F",
      "type": "photo"
    },
    {
      "value":
        "https://photos.example.com/profilephoto/72930000000Ccne/T",
      "type": "thumbnail"
    }
  ],
        
  "userType": "Employee",
  "title": "Tour Guide",
  "preferredLanguage": "en-US",
  "locale": "en-US",
  "timezone": "America/Los_Angeles",
  "active":true,
  "password": "t1meMa$heen",
  "groups": [
    {
      "value": "e9e30dba-f08f-4109-8486-d5c6a331660a",
      "$ref":
"https://example.com/v2/Groups/e9e30dba-f08f-4109-8486-d5c6a331660a",
      "display": "Tour Guides"
    },
    {
      "value": "fc348aa8-3835-40eb-a20b-c726e15c55b5",
      "$ref":
"https://example.com/v2/Groups/fc348aa8-3835-40eb-a20b-c726e15c55b5",
      "display": "Employees"
    },
    {
      "value": "71ddacd2-a8e7-49b8-a5db-ae50d0a5bfd7",
      "$ref":
"https://example.com/v2/Groups/71ddacd2-a8e7-49b8-a5db-ae50d0a5bfd7",
      "display": "US Employees"
    }
  ],
  "x509Certificates": [
    {
      "value":
       "MIIDQzCCAqygAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwTjELMAkGA1UEBhMCVVMx
        EzARBgNVBAgMCkNhbGlmb3JuaWExFDASBgNVBAoMC2V4YW1wbGUuY29tMRQwEgYD
        VQQDDAtleGFtcGxlLmNvbTAeFw0xMTEwMjIwNjI0MzFaFw0xMjEwMDQwNjI0MzFa
        MH8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQKDAtl
        eGFtcGxlLmNvbTEhMB8GA1UEAwwYTXMuIEJhcmJhcmEgSiBKZW5zZW4gSUlJMSIw
        IAYJKoZIhvcNAQkBFhNiamVuc2VuQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0B
        AQEFAAOCAQ8AMIIBCgKCAQEA7Kr+Dcds/JQ5GwejJFcBIP682X3xpjis56AK02bc
        1FLgzdLI8auoR+cC9/Vrh5t66HkQIOdA4unHh0AaZ4xL5PhVbXIPMB5vAPKpzz5i
        PSi8xO8SL7I7SDhcBVJhqVqr3HgllEG6UClDdHO7nkLuwXq8HcISKkbT5WFTVfFZ
        zidPl8HZ7DhXkZIRtJwBweq4bvm3hM1Os7UQH05ZS6cVDgweKNwdLLrT51ikSQG3
        DYrl+ft781UQRIqxgwqCfXEuDiinPh0kkvIi5jivVu1Z9QiwlYEdRbLJ4zJQBmDr
        SGTMYn4lRc2HgHO4DqB/bnMVorHB0CC6AV1QoFK4GPe1LwIDAQABo3sweTAJBgNV
        HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp
        Y2F0ZTAdBgNVHQ4EFgQU8pD0U0vsZIsaA16lL8En8bx0F/gwHwYDVR0jBBgwFoAU
        dGeKitcaF7gnzsNwDx708kqaVt0wDQYJKoZIhvcNAQEFBQADgYEAA81SsFnOdYJt
        Ng5Tcq+/ByEDrBgnusx0jloUhByPMEVkoMZ3J7j1ZgI8rAbOkNngX8+pKfTiDz1R
        C4+dx8oU6Za+4NJXUjlL5CvV6BEYb1+QAEJwitTVvxB/A67g42/vzgAtoRUeDov1
        +GFiBZ+GNF/cAYKcMtGcrs2i97ZkJMo="
    }
  ],
  "meta": {
    "resourceType": "User",
    "created": "2010-01-23T04:56:22Z",
    "lastModified": "2011-05-13T04:42:34Z",
    "version": "W\/\"a330bc54f0671c9\"",
    "location":
"https://example.com/v2/Users/2819c223-7f76-453a-919d-413861904646"
  }
}

Figure 4: Example Full User JSON Representation
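
Figure 4 populates every attribute, including "password", while the User schema in RFC 7643 gives "password" a "returned" characteristic of "never". The following Python is an added example, not part of the RFC: it filters a resource against attribute definitions in the Section 8.7.1 format before the resource is returned or logged. The function names, the "requested" parameter, and the "debugNote" attribute are assumptions made for the example.

```python
import copy

# Common attributes (RFC 7643, Section 3.1). This example always keeps them.
COMMON = {"schemas", "id", "externalid", "meta"}

# Attribute definitions in the Section 8.7.1 format, trimmed to the fields the
# filter reads. "password" has the characteristics RFC 7643 assigns it.
USER_ATTRIBUTES = [
    {"name": "userName", "type": "string", "multiValued": False,
     "mutability": "readWrite", "returned": "default"},
    {"name": "name", "type": "complex", "multiValued": False,
     "mutability": "readWrite", "returned": "default",
     "subAttributes": [
         {"name": "familyName", "type": "string", "returned": "default"},
         {"name": "givenName", "type": "string", "returned": "default"},
     ]},
    {"name": "password", "type": "string", "multiValued": False,
     "mutability": "writeOnly", "returned": "never"},
]

# Constructed sample using Figure 4 values. "Password" is spelled with a
# capital letter (attribute names are case insensitive) and "debugNote" is an
# attribute the definitions above do not know.
SAMPLE_USER = {
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
    "id": "2819c223-7f76-453a-919d-413861904646",
    "userName": "bjensen@example.com",
    "name": {"familyName": "Jensen", "givenName": "Barbara"},
    "Password": "t1meMa$heen",
    "debugNote": "constructed, not a SCIM attribute",
}


def filter_object(obj, definitions, wanted, prefix, withheld):
    """Filter one JSON object; append withheld attribute paths to `withheld`."""
    by_name = {d["name"].lower(): d for d in definitions}
    kept = {}
    for key, val in obj.items():
        d = by_name.get(key.lower())
        if d is None or d["returned"] == "never":
            # Undefined, or never returned: fail closed and record it.
            withheld.append(prefix + key)
            continue
        explicit = wanted is not None and key.lower() in wanted
        by_default = wanted is None and d["returned"] == "default"
        if not (d["returned"] == "always" or explicit or by_default):
            continue  # allowed, but not asked for in this response
        if d["type"] == "complex":
            items = val if isinstance(val, list) else [val]
            if not all(isinstance(i, dict) for i in items):
                withheld.append(prefix + key)  # wrong shape for a complex value
                continue
            subs = d.get("subAttributes", [])
            cleaned = [filter_object(i, subs, None, f"{prefix}{key}.", withheld)
                       for i in items]
            kept[key] = cleaned if isinstance(val, list) else cleaned[0]
        else:
            kept[key] = copy.deepcopy(val)
    return kept


def filter_for_response(resource, definitions, requested=None):
    """Return (kept, withheld) for an outbound copy of `resource`.

    `requested` is an optional list of attribute names the client asked for;
    when given, "default" attributes are returned only if they are listed.
    Attributes returned "never" are withheld even when requested.
    """
    wanted = None if requested is None else {r.lower() for r in requested}
    withheld = []
    kept = {k: copy.deepcopy(v) for k, v in resource.items()
            if k.lower() in COMMON}
    body = {k: v for k, v in resource.items() if k.lower() not in COMMON}
    kept.update(filter_object(body, definitions, wanted, "", withheld))
    return kept, withheld


if __name__ == "__main__":
    safe, dropped = filter_for_response(SAMPLE_USER, USER_ATTRIBUTES)
    print(safe)
    print("withheld:", dropped)
```

A filter that deletes only the exact key "password" would let the "Password" spelling through; matching on the lower-cased name closes that gap.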

8.3. Enterprise User Extension Representation

The following is a non-normative example of the fully populated User using the enterprise User extension in JSON format.

{
  "schemas":
    ["urn:ietf:params:scim:schemas:core:2.0:User",
      "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],
  "id": "2819c223-7f76-453a-919d-413861904646",
  "externalId": "701984",
  "userName": "bjensen@example.com",
  "name": {
    "formatted": "Ms. Barbara J Jensen, III",
    "familyName": "Jensen",
    "givenName": "Barbara",
    "middleName": "Jane",
    "honorificPrefix": "Ms.",
    "honorificSuffix": "III"
  },
  "displayName": "Babs Jensen",
  "nickName": "Babs",
  "profileUrl": "https://login.example.com/bjensen",
  "emails": [
    {
      "value": "bjensen@example.com",
      "type": "work",
      "primary": true
    },
    {
      "value": "babs@jensen.org",
      "type": "home"
    }
  ],
  "addresses": [
    {
      "streetAddress": "100 Universal City Plaza",
      "locality": "Hollywood",
      "region": "CA",
      "postalCode": "91608",
      "country": "USA",
      "formatted": "100 Universal City Plaza\nHollywood, CA 91608 USA",
      "type": "work",
      "primary": true
    },
    {
      "streetAddress": "456 Hollywood Blvd",
      "locality": "Hollywood",
      "region": "CA",
      "postalCode": "91608",
      "country": "USA",
      "formatted": "456 Hollywood Blvd\nHollywood, CA 91608 USA",
      "type": "home"
     }
  ],
  "phoneNumbers": [
    {
      "value": "555-555-5555",
      "type": "work"
    },
    {
      "value": "555-555-4444",
      "type": "mobile"
    }
  ],
  "ims": [
    {
      "value": "someaimhandle",
      "type": "aim"
    }
  ],
  "photos": [
    {
      "value":
        "https://photos.example.com/profilephoto/72930000000Ccne/F",
      "type": "photo"
    },
    {
      "value":
        "https://photos.example.com/profilephoto/72930000000Ccne/T",
      "type": "thumbnail"
    }
  ],
  "userType": "Employee",
  "title": "Tour Guide",
  "preferredLanguage": "en-US",
  "locale": "en-US",
  "timezone": "America/Los_Angeles",
  "active":true,
  "password": "t1meMa$heen",
  "groups": [
    {
      "value": "e9e30dba-f08f-4109-8486-d5c6a331660a",
      "$ref": "../Groups/e9e30dba-f08f-4109-8486-d5c6a331660a",
      "display": "Tour Guides"
    },
    {
      "value": "fc348aa8-3835-40eb-a20b-c726e15c55b5",
      "$ref": "../Groups/fc348aa8-3835-40eb-a20b-c726e15c55b5",
      "display": "Employees"
    },
    {
      "value": "71ddacd2-a8e7-49b8-a5db-ae50d0a5bfd7",
      "$ref": "../Groups/71ddacd2-a8e7-49b8-a5db-ae50d0a5bfd7",
      "display": "US Employees"
    }
  ],
  "x509Certificates": [
    {
      "value":
       "MIIDQzCCAqygAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwTjELMAkGA1UEBhMCVVMx
        EzARBgNVBAgMCkNhbGlmb3JuaWExFDASBgNVBAoMC2V4YW1wbGUuY29tMRQwEgYD
        VQQDDAtleGFtcGxlLmNvbTAeFw0xMTEwMjIwNjI0MzFaFw0xMjEwMDQwNjI0MzFa
        MH8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQKDAtl
        eGFtcGxlLmNvbTEhMB8GA1UEAwwYTXMuIEJhcmJhcmEgSiBKZW5zZW4gSUlJMSIw
        IAYJKoZIhvcNAQkBFhNiamVuc2VuQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0B
        AQEFAAOCAQ8AMIIBCgKCAQEA7Kr+Dcds/JQ5GwejJFcBIP682X3xpjis56AK02bc
        1FLgzdLI8auoR+cC9/Vrh5t66HkQIOdA4unHh0AaZ4xL5PhVbXIPMB5vAPKpzz5i
        PSi8xO8SL7I7SDhcBVJhqVqr3HgllEG6UClDdHO7nkLuwXq8HcISKkbT5WFTVfFZ
        zidPl8HZ7DhXkZIRtJwBweq4bvm3hM1Os7UQH05ZS6cVDgweKNwdLLrT51ikSQG3
        DYrl+ft781UQRIqxgwqCfXEuDiinPh0kkvIi5jivVu1Z9QiwlYEdRbLJ4zJQBmDr
        SGTMYn4lRc2HgHO4DqB/bnMVorHB0CC6AV1QoFK4GPe1LwIDAQABo3sweTAJBgNV
        HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp
        Y2F0ZTAdBgNVHQ4EFgQU8pD0U0vsZIsaA16lL8En8bx0F/gwHwYDVR0jBBgwFoAU
        dGeKitcaF7gnzsNwDx708kqaVt0wDQYJKoZIhvcNAQEFBQADgYEAA81SsFnOdYJt
        Ng5Tcq+/ByEDrBgnusx0jloUhByPMEVkoMZ3J7j1ZgI8rAbOkNngX8+pKfTiDz1R
        C4+dx8oU6Za+4NJXUjlL5CvV6BEYb1+QAEJwitTVvxB/A67g42/vzgAtoRUeDov1
        +GFiBZ+GNF/cAYKcMtGcrs2i97ZkJMo="
    }
  ],
  "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
    "employeeNumber": "701984",
    "costCenter": "4130",
    "organization": "Universal Studios",
    "division": "Theme Park",
    "department": "Tour Operations",
    "manager": {
      "value": "26118915-6090-4610-87e4-49d8ca9f808d",
      "$ref": "../Users/26118915-6090-4610-87e4-49d8ca9f808d",
      "displayName": "John Smith"
    }
  },
  "meta": {
    "resourceType": "User",
    "created": "2010-01-23T04:56:22Z",
    "lastModified": "2011-05-13T04:42:34Z",
    "version": "W\/\"3694e05e9dff591\"",
    "location":
"https://example.com/v2/Users/2819c223-7f76-453a-919d-413861904646"
  }
}

Figure 5: Example Enterprise User JSON Representation

8.4. Group Representation

The following is a non-normative example of the SCIM Group representation in JSON format.

   {
     "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
     "id": "e9e30dba-f08f-4109-8486-d5c6a331660a",
     "displayName": "Tour Guides",
     "members": [
       {
         "value": "2819c223-7f76-453a-919d-413861904646",
         "$ref":
   "https://example.com/v2/Users/2819c223-7f76-453a-919d-413861904646",
         "display": "Babs Jensen"
       },
       {
         "value": "902c246b-6245-4190-8e05-00816be7344a",
         "$ref":
   "https://example.com/v2/Users/902c246b-6245-4190-8e05-00816be7344a",
         "display": "Mandy Pepperidge"
       }
     ],
     "meta": {
       "resourceType": "Group",
       "created": "2010-01-23T04:56:22Z",
       "lastModified": "2011-05-13T04:42:34Z",
       "version": "W\/\"3694e05e9dff592\"",
       "location":
   "https://example.com/v2/Groups/e9e30dba-f08f-4109-8486-d5c6a331660a"
     }
   }

Figure 6: Example Group JSON Representation

8.5. Service Provider Configuration Representation

The following is a non-normative example of the SCIM service provider configuration representation in JSON format.

  {
    "schemas":
      ["urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"],
    "documentationUri": "http://example.com/help/scim.html",
    "patch": {
      "supported":true
    },
    "bulk": {
      "supported":true,
      "maxOperations":1000,
      "maxPayloadSize":1048576
    },
    "filter": {
      "supported":true,
      "maxResults": 200
    },
    "changePassword": {
      "supported":true
    },
    "sort": {
      "supported":true
    },
    "etag": {
      "supported":true
    },
    "authenticationSchemes": [
      {
        "name": "OAuth Bearer Token",
        "description":
          "Authentication scheme using the OAuth Bearer Token Standard",
        "specUri": "http://www.rfc-editor.org/info/rfc6750",
        "documentationUri": "http://example.com/help/oauth.html",
        "type": "oauthbearertoken",
        "primary": true
      },
      {
        "name": "HTTP Basic",
        "description":
          "Authentication scheme using the HTTP Basic Standard",
        "specUri": "http://www.rfc-editor.org/info/rfc2617",
        "documentationUri": "http://example.com/help/httpBasic.html",
        "type": "httpbasic"
       }
    ],
    "meta": {
      "location": "https://example.com/v2/ServiceProviderConfig",
      "resourceType": "ServiceProviderConfig",
      "created": "2010-01-23T04:56:22Z",
      "lastModified": "2011-05-13T04:42:34Z",
      "version": "W\/\"3694e05e9dff594\""
    }
  }

Figure 7: Example Service Provider Configuration JSON Representation

8.6. Resource Type Representation

The following is a non-normative example of the SCIM resource types in JSON format.

   [{
     "schemas": ["urn:ietf:params:scim:schemas:core:2.0:ResourceType"],
     "id": "User",
     "name": "User",
     "endpoint": "/Users",
     "description": "User Account",
     "schema": "urn:ietf:params:scim:schemas:core:2.0:User",
     "schemaExtensions": [
       {
         "schema":
           "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
         "required": true
       }
     ],
     "meta": {
       "location": "https://example.com/v2/ResourceTypes/User",
       "resourceType": "ResourceType"
     }
    },
    {
     "schemas": ["urn:ietf:params:scim:schemas:core:2.0:ResourceType"],
     "id": "Group",
     "name": "Group",
     "endpoint": "/Groups",
     "description": "Group",
     "schema": "urn:ietf:params:scim:schemas:core:2.0:Group",
     "meta": {
       "location": "https://example.com/v2/ResourceTypes/Group",
       "resourceType": "ResourceType"
     }
   }]

Figure 8: Example Resource Type JSON Representation
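
Figure 8 marks the enterprise extension as required for the "User" resource type, and Figure 5 shows such a resource listing the extension URI in "schemas" and carrying the extension attributes under a key equal to that URI. The following Python is an added example, not part of the RFC, that checks an inbound resource for that consistency before it is accepted. The name "check_schemas" is hypothetical, and URIs are compared as exact strings as a simplification.

```python
CORE_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
ENTERPRISE_USER = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"

# "User" entry from the ResourceType list in Figure 8 ("meta" omitted).
USER_RESOURCE_TYPE = {
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:ResourceType"],
    "id": "User",
    "name": "User",
    "endpoint": "/Users",
    "schema": CORE_USER,
    "schemaExtensions": [{"schema": ENTERPRISE_USER, "required": True}],
}

# Trimmed copy of the enterprise User from Figure 5.
ENTERPRISE_USER_RESOURCE = {
    "schemas": [CORE_USER, ENTERPRISE_USER],
    "id": "2819c223-7f76-453a-919d-413861904646",
    "userName": "bjensen@example.com",
    ENTERPRISE_USER: {
        "employeeNumber": "701984",
        "costCenter": "4130",
        "manager": {"value": "26118915-6090-4610-87e4-49d8ca9f808d"},
    },
}


def check_schemas(resource, resource_type):
    """Return a list of findings; an empty list means the resource is consistent."""
    declared = resource.get("schemas")
    if not isinstance(declared, list) or not all(isinstance(s, str) for s in declared):
        return ["'schemas' is missing or is not a list of URIs"]

    core = resource_type["schema"]
    # Map each extension URI the resource type allows to its "required" flag.
    extensions = {e["schema"]: bool(e.get("required"))
                  for e in resource_type.get("schemaExtensions", [])}
    kind = resource_type["id"]
    findings = []

    if core not in declared:
        findings.append(f"core schema {core} is not listed in 'schemas'")

    # Every declared URI must be the core schema or an extension of this type.
    for urn in declared:
        if urn != core and urn not in extensions:
            findings.append(f"'schemas' lists {urn}, which {kind} does not define")

    for urn, required in extensions.items():
        has_block = urn in resource
        if required and urn not in declared:
            findings.append(f"required extension {urn} is not listed in 'schemas'")
        if has_block and urn not in declared:
            findings.append(f"extension block {urn} is present but not listed in 'schemas'")
        if has_block and not isinstance(resource[urn], dict):
            findings.append(f"extension block {urn} is not a JSON object")

    # Any other URN-keyed member is extension data this resource type never
    # defined; report it instead of storing it silently.
    for key in resource:
        if key.lower().startswith("urn:") and key not in extensions:
            findings.append(f"unknown extension block {key}")

    return findings


if __name__ == "__main__":
    for finding in check_schemas(ENTERPRISE_USER_RESOURCE, USER_RESOURCE_TYPE):
        print(finding)
```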

8.7. Schema Representation

The following sections provide representations of schemas for both SCIM resources and service provider schemas. Note that the JSON representation has been modified for readability and to fit the specification format.

8.7.1. Resource Schema Representation

The following is intended as an example of the SCIM schema representation in JSON format for SCIM resources. Where permitted, individual values and schema MAY change. This example includes schema representations for "User", "Group", and "EnterpriseUser"; other schema representations are possible.

[
  {
    "id" : "urn:ietf:params:scim:schemas:core:2.0:User",
    "name" : "User",
    "description" : "User Account",
    "attributes" : [
      {
        "name" : "userName",
        "type" : "string",
        "multiValued" : false,
        "description" : "Unique identifier for the User, typically
used by the user to directly authenticate to the service provider.
Each User MUST include a non-empty userName value.  This identifier
MUST be unique across the service provider's entire set of Users.
REQUIRED.",
        "required" : true,
        "caseExact" : false,
        "mutability" : "readWrite",
        "returned" : "default",
        "uniqueness" : "server"
      },
      {
        "name" : "name",
        "type" : "complex",
        "multiValued" : false,
        "description" : "The components of the user's real name.
Providers MAY return just the full name as a single string in the
formatted sub-attribute, or they MAY return just the individual
component attributes using the other sub-attributes, or they MAY
return both.  If both variants are returned, they SHOULD be
describing the same name, with the formatted name indicating how the
component attributes should be combined.",
        "required" : false,
        "subAttributes" : [
          {
            "name" : "formatted",
            "type" : "string",
            "multiValued" : false,
            "description" : "The full name, including all middle
names, titles, and suffixes as appropriate, formatted for display
(e.g., 'Ms. Barbara J Jensen, III').",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "familyName",
            "type" : "string",
            "multiValued" : false,
            "description" : "The family name of the User, or
last name in most Western languages (e.g., 'Jensen' given the full
name 'Ms. Barbara J Jensen, III').",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "givenName",
            "type" : "string",
            "multiValued" : false,
            "description" : "The given name of the User, or
first name in most Western languages (e.g., 'Barbara' given the
full name 'Ms. Barbara J Jensen, III').",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "middleName",
            "type" : "string",
            "multiValued" : false,
            "description" : "The middle name(s) of the User
(e.g., 'Jane' given the full name 'Ms. Barbara J Jensen, III').",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "honorificPrefix",
            "type" : "string",
            "multiValued" : false,
            "description" : "The honorific prefix(es) of the User, or
title in most Western languages (e.g., 'Ms.' given the full name
'Ms. Barbara J Jensen, III').",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "honorificSuffix",
            "type" : "string",
            "multiValued" : false,
            "description" : "The honorific suffix(es) of the User, or
suffix in most Western languages (e.g., 'III' given the full name
'Ms. Barbara J Jensen, III').",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          }
        ],
        "mutability" : "readWrite",
        "returned" : "default",
        "uniqueness" : "none"
      },
      {
        "name" : "displayName",
        "type" : "string",
        "multiValued" : false,
        "description" : "The name of the User, suitable for display
to end-users.  The name SHOULD be the full name of the User being
described, if known.",
        "required" : false,
        "caseExact" : false,
        "mutability" : "readWrite",
        "returned" : "default",
        "uniqueness" : "none"
      },
      {
        "name" : "nickName",
        "type" : "string",
        "multiValued" : false,
        "description" : "The casual way to address the user in real
life, e.g., 'Bob' or 'Bobby' instead of 'Robert'.  This attribute
SHOULD NOT be used to represent a User's username (e.g., 'bjensen' or
'mpepperidge').",
        "required" : false,
        "caseExact" : false,
        "mutability" : "readWrite",
        "returned" : "default",
        "uniqueness" : "none"
      },
      {
        "name" : "preferredLanguage",
        "type" : "string",
        "multiValued" : false,
        "description" : "Indicates the User's preferred written or
spoken language.  Generally used for selecting a localized user
interface; e.g., 'en_US' specifies the language English and country
US.",
        "required" : false,
        "caseExact" : false,
        "mutability" : "readWrite",
        "returned" : "default",
        "uniqueness" : "none"
      },
      {
        "name" : "locale",
        "type" : "string",
        "multiValued" : false,
        "description" : "Used to indicate the User's default location
for purposes of localizing items such as currency, date time format, or
numerical representations.",
        "required" : false,
        "caseExact" : false,
        "mutability" : "readWrite",
        "returned" : "default",
        "uniqueness" : "none"
      },
      {
        "name" : "timezone",
        "type" : "string",
        "multiValued" : false,
        "description" : "The User's time zone in the 'Olson' time zone
database format, e.g., 'America/Los_Angeles'.",
        "required" : false,
        "caseExact" : false,
        "mutability" : "readWrite",
        "returned" : "default",
        "uniqueness" : "none"
      },
        
      {
        "name" : "active",
        "type" : "boolean",
        "multiValued" : false,
        "description" : "A Boolean value indicating the User's
administrative status.",
        "required" : false,
        "mutability" : "readWrite",
        "returned" : "default"
      },
      {
        "name" : "password",
        "type" : "string",
        "multiValued" : false,
        "description" : "The User's cleartext password.  This
attribute is intended to be used as a means to specify an initial
password when creating a new User or to reset an existing User's
password.",
        "required" : false,
        "caseExact" : false,
        "mutability" : "writeOnly",
        "returned" : "never",
        "uniqueness" : "none"
      },
      {
        "name" : "emails",
        "type" : "complex",
        "multiValued" : true,
        "description" : "Email addresses for the user.  The value
SHOULD be canonicalized by the service provider, e.g.,
'bjensen@example.com' instead of 'bjensen@EXAMPLE.COM'.
Canonical type values of 'work', 'home', and 'other'.",
        "required" : false,
        "subAttributes" : [
          {
            "name" : "value",
            "type" : "string",
            "multiValued" : false,
            "description" : "Email addresses for the user.  The value
SHOULD be canonicalized by the service provider, e.g.,
'bjensen@example.com' instead of 'bjensen@EXAMPLE.COM'.
Canonical type values of 'work', 'home', and 'other'.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
        
          {
            "name" : "display",
            "type" : "string",
            "multiValued" : false,
            "description" : "A human-readable name, primarily used
for display purposes.  READ-ONLY.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "type",
            "type" : "string",
            "multiValued" : false,
            "description" : "A label indicating the attribute's
function, e.g., 'work' or 'home'.",
            "required" : false,
            "caseExact" : false,
            "canonicalValues" : [
              "work",
              "home",
              "other"
            ],
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "primary",
            "type" : "boolean",
            "multiValued" : false,
            "description" : "A Boolean value indicating the 'primary'
or preferred attribute value for this attribute, e.g., the preferred
mailing address or primary email address.  The primary attribute
value 'true' MUST appear no more than once.",
            "required" : false,
            "mutability" : "readWrite",
            "returned" : "default"
          }
        ],
        "mutability" : "readWrite",
        "returned" : "default",
        "uniqueness" : "none"
      },
        
      {
        "name" : "phoneNumbers",
        "type" : "complex",
        "multiValued" : true,
        "description" : "Phone numbers for the User.  The value
SHOULD be canonicalized by the service provider according to the
format specified in RFC 3966, e.g., 'tel:+1-201-555-0123'.
Canonical type values of 'work', 'home', 'mobile', 'fax', 'pager',
and 'other'.",
        "required" : false,
        "subAttributes" : [
          {
            "name" : "value",
            "type" : "string",
            "multiValued" : false,
            "description" : "Phone number of the User.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "display",
            "type" : "string",
            "multiValued" : false,
            "description" : "A human-readable name, primarily used
for display purposes.  READ-ONLY.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
        
          {
            "name" : "type",
            "type" : "string",
            "multiValued" : false,
            "description" : "A label indicating the attribute's
function, e.g., 'work', 'home', 'mobile'.",
            "required" : false,
            "caseExact" : false,
            "canonicalValues" : [
              "work",
              "home",
              "mobile",
              "fax",
              "pager",
              "other"
            ],
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "primary",
            "type" : "boolean",
            "multiValued" : false,
            "description" : "A Boolean value indicating the 'primary'
or preferred attribute value for this attribute, e.g., the preferred
phone number or primary phone number.  The primary attribute value
'true' MUST appear no more than once.",
            "required" : false,
            "mutability" : "readWrite",
            "returned" : "default"
          }
        ],
        "mutability" : "readWrite",
        "returned" : "default"
      },
        
      {
        "name" : "ims",
        "type" : "complex",
        "multiValued" : true,
        "description" : "Instant messaging addresses for the User.",
        "required" : false,
        "subAttributes" : [
          {
            "name" : "value",
            "type" : "string",
            "multiValued" : false,
            "description" : "Instant messaging address for the User.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "display",
            "type" : "string",
            "multiValued" : false,
            "description" : "A human-readable name, primarily used
for display purposes.  READ-ONLY.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
        
          {
            "name" : "type",
            "type" : "string",
            "multiValued" : false,
            "description" : "A label indicating the attribute's
function, e.g., 'aim', 'gtalk', 'xmpp'.",
            "required" : false,
            "caseExact" : false,
            "canonicalValues" : [
              "aim",
              "gtalk",
              "icq",
              "xmpp",
              "msn",
              "skype",
              "qq",
              "yahoo"
            ],
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "primary",
            "type" : "boolean",
            "multiValued" : false,
            "description" : "A Boolean value indicating the 'primary'
or preferred attribute value for this attribute, e.g., the preferred
messenger or primary messenger.  The primary attribute value 'true'
MUST appear no more than once.",
            "required" : false,
            "mutability" : "readWrite",
            "returned" : "default"
          }
        ],
        "mutability" : "readWrite",
        "returned" : "default"
      },
        
      {
        "name" : "photos",
        "type" : "complex",
        "multiValued" : true,
        "description" : "URLs of photos of the User.",
        "required" : false,
        "subAttributes" : [
          {
            "name" : "value",
            "type" : "reference",
            "referenceTypes" : ["external"],
            "multiValued" : false,
            "description" : "URL of a photo of the User.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "display",
            "type" : "string",
            "multiValued" : false,
            "description" : "A human-readable name, primarily used
for display purposes.  READ-ONLY.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
        
          {
            "name" : "type",
            "type" : "string",
            "multiValued" : false,
            "description" : "A label indicating the attribute's
function, i.e., 'photo' or 'thumbnail'.",
            "required" : false,
            "caseExact" : false,
            "canonicalValues" : [
              "photo",
              "thumbnail"
            ],
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "primary",
            "type" : "boolean",
            "multiValued" : false,
            "description" : "A Boolean value indicating the 'primary'
or preferred attribute value for this attribute, e.g., the preferred
photo or thumbnail.  The primary attribute value 'true' MUST appear
no more than once.",
            "required" : false,
            "mutability" : "readWrite",
            "returned" : "default"
          }
        ],
        "mutability" : "readWrite",
        "returned" : "default"
      },
        
      {
        "name" : "addresses",
        "type" : "complex",
        "multiValued" : true,
        "description" : "A physical mailing address for this User.
Canonical type values of 'work', 'home', and 'other'.  This attribute
is a complex type with the following sub-attributes.",
        "required" : false,
        "subAttributes" : [
          {
            "name" : "formatted",
            "type" : "string",
            "multiValued" : false,
            "description" : "The full mailing address, formatted for
display or use with a mailing label.  This attribute MAY contain
newlines.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "streetAddress",
            "type" : "string",
            "multiValued" : false,
            "description" : "The full street address component,
which may include house number, street name, P.O. box, and multi-line
extended street address information.  This attribute MAY contain
newlines.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "locality",
            "type" : "string",
            "multiValued" : false,
            "description" : "The city or locality component.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
        
          {
            "name" : "region",
            "type" : "string",
            "multiValued" : false,
            "description" : "The state or region component.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "postalCode",
            "type" : "string",
            "multiValued" : false,
            "description" : "The zip code or postal code component.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "country",
            "type" : "string",
            "multiValued" : false,
            "description" : "The country name component.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
        
          {
            "name" : "type",
            "type" : "string",
            "multiValued" : false,
            "description" : "A label indicating the attribute's
function, e.g., 'work' or 'home'.",
            "required" : false,
            "caseExact" : false,
            "canonicalValues" : [
              "work",
              "home",
              "other"
            ],
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          }
        ],
        "mutability" : "readWrite",
        "returned" : "default",
        "uniqueness" : "none"
      },
      {
        "name" : "groups",
        "type" : "complex",
        "multiValued" : true,
        "description" : "A list of groups to which the user belongs,
either through direct membership, through nested groups, or
dynamically calculated.",
        "required" : false,
        "subAttributes" : [
          {
            "name" : "value",
            "type" : "string",
            "multiValued" : false,
            "description" : "The identifier of the User's group.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readOnly",
            "returned" : "default",
            "uniqueness" : "none"
          },
        
          {
            "name" : "$ref",
            "type" : "reference",
            "referenceTypes" : [
              "User",
              "Group"
            ],
            "multiValued" : false,
            "description" : "The URI of the corresponding 'Group'
resource to which the user belongs.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readOnly",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "display",
            "type" : "string",
            "multiValued" : false,
            "description" : "A human-readable name, primarily used
for display purposes.  READ-ONLY.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readOnly",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "type",
            "type" : "string",
            "multiValued" : false,
            "description" : "A label indicating the attribute's
function, e.g., 'direct' or 'indirect'.",
            "required" : false,
            "caseExact" : false,
            "canonicalValues" : [
              "direct",
              "indirect"
            ],
            "mutability" : "readOnly",
            "returned" : "default",
            "uniqueness" : "none"
          }
        ],
        "mutability" : "readOnly",
        "returned" : "default"
      },
        
      {
        "name" : "entitlements",
        "type" : "complex",
        "multiValued" : true,
        "description" : "A list of entitlements for the User that
represent a thing the User has.",
        "required" : false,
        "subAttributes" : [
          {
            "name" : "value",
            "type" : "string",
            "multiValued" : false,
            "description" : "The value of an entitlement.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "display",
            "type" : "string",
            "multiValued" : false,
            "description" : "A human-readable name, primarily used
for display purposes.  READ-ONLY.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "type",
            "type" : "string",
            "multiValued" : false,
            "description" : "A label indicating the attribute's
function.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
        
          {
            "name" : "primary",
            "type" : "boolean",
            "multiValued" : false,
            "description" : "A Boolean value indicating the 'primary'
or preferred attribute value for this attribute.  The primary
attribute value 'true' MUST appear no more than once.",
            "required" : false,
            "mutability" : "readWrite",
            "returned" : "default"
          }
        ],
        "mutability" : "readWrite",
        "returned" : "default"
      },
      {
        "name" : "roles",
        "type" : "complex",
        "multiValued" : true,
        "description" : "A list of roles for the User that
collectively represent who the User is, e.g., 'Student', 'Faculty'.",
        "required" : false,
        "subAttributes" : [
          {
            "name" : "value",
            "type" : "string",
            "multiValued" : false,
            "description" : "The value of a role.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "display",
            "type" : "string",
            "multiValued" : false,
            "description" : "A human-readable name, primarily used
for display purposes.  READ-ONLY.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
        
          {
            "name" : "type",
            "type" : "string",
            "multiValued" : false,
            "description" : "A label indicating the attribute's
function.",
            "required" : false,
            "caseExact" : false,
            "canonicalValues" : [],
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "primary",
            "type" : "boolean",
            "multiValued" : false,
            "description" : "A Boolean value indicating the 'primary'
or preferred attribute value for this attribute.  The primary
attribute value 'true' MUST appear no more than once.",
            "required" : false,
            "mutability" : "readWrite",
            "returned" : "default"
          }
        ],
        "mutability" : "readWrite",
        "returned" : "default"
      },
      {
        "name" : "x509Certificates",
        "type" : "complex",
        "multiValued" : true,
        "description" : "A list of certificates issued to the User.",
        "required" : false,
        "caseExact" : false,
        "subAttributes" : [
          {
            "name" : "value",
            "type" : "binary",
            "multiValued" : false,
            "description" : "The value of an X.509 certificate.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
        
          {
            "name" : "display",
            "type" : "string",
            "multiValued" : false,
            "description" : "A human-readable name, primarily used
for display purposes.  READ-ONLY.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "type",
            "type" : "string",
            "multiValued" : false,
            "description" : "A label indicating the attribute's
function.",
            "required" : false,
            "caseExact" : false,
            "canonicalValues" : [],
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "primary",
            "type" : "boolean",
            "multiValued" : false,
            "description" : "A Boolean value indicating the 'primary'
or preferred attribute value for this attribute.  The primary
attribute value 'true' MUST appear no more than once.",
            "required" : false,
            "mutability" : "readWrite",
            "returned" : "default"
          }
        ],
        "mutability" : "readWrite",
        "returned" : "default"
      }
    ],
    "meta" : {
      "resourceType" : "Schema",
      "location" :
        "/v2/Schemas/urn:ietf:params:scim:schemas:core:2.0:User"
    }
  },
        
  {
    "id" : "urn:ietf:params:scim:schemas:core:2.0:Group",
    "name" : "Group",
    "description" : "Group",
    "attributes" : [
      {
        "name" : "displayName",
        "type" : "string",
        "multiValued" : false,
        "description" : "A human-readable name for the Group.
REQUIRED.",
        "required" : false,
        "caseExact" : false,
        "mutability" : "readWrite",
        "returned" : "default",
        "uniqueness" : "none"
      },
      {
        "name" : "members",
        "type" : "complex",
        "multiValued" : true,
        "description" : "A list of members of the Group.",
        "required" : false,
        "subAttributes" : [
          {
            "name" : "value",
            "type" : "string",
            "multiValued" : false,
            "description" : "Identifier of the member of this Group.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "immutable",
            "returned" : "default",
            "uniqueness" : "none"
          },
        
          {
            "name" : "$ref",
            "type" : "reference",
            "referenceTypes" : [
              "User",
              "Group"
            ],
            "multiValued" : false,
            "description" : "The URI corresponding to a SCIM resource
that is a member of this Group.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "immutable",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "type",
            "type" : "string",
            "multiValued" : false,
            "description" : "A label indicating the type of resource,
e.g., 'User' or 'Group'.",
            "required" : false,
            "caseExact" : false,
            "canonicalValues" : [
              "User",
              "Group"
            ],
            "mutability" : "immutable",
            "returned" : "default",
            "uniqueness" : "none"
          }
        ],
        "mutability" : "readWrite",
        "returned" : "default"
      }
    ],
    "meta" : {
      "resourceType" : "Schema",
      "location" :
        "/v2/Schemas/urn:ietf:params:scim:schemas:core:2.0:Group"
    }
  },
        
  {
    "id" : "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
    "name" : "EnterpriseUser",
    "description" : "Enterprise User",
    "attributes" : [
      {
        "name" : "employeeNumber",
        "type" : "string",
        "multiValued" : false,
        "description" : "Numeric or alphanumeric identifier assigned
to a person, typically based on order of hire or association with an
organization.",
        "required" : false,
        "caseExact" : false,
        "mutability" : "readWrite",
        "returned" : "default",
        "uniqueness" : "none"
      },
      {
        "name" : "costCenter",
        "type" : "string",
        "multiValued" : false,
        "description" : "Identifies the name of a cost center.",
        "required" : false,
        "caseExact" : false,
        "mutability" : "readWrite",
        "returned" : "default",
        "uniqueness" : "none"
      },
      {
        "name" : "organization",
        "type" : "string",
        "multiValued" : false,
        "description" : "Identifies the name of an organization.",
        "required" : false,
        "caseExact" : false,
        "mutability" : "readWrite",
        "returned" : "default",
        "uniqueness" : "none"
      },
        
      {
        "name" : "division",
        "type" : "string",
        "multiValued" : false,
        "description" : "Identifies the name of a division.",
        "required" : false,
        "caseExact" : false,
        "mutability" : "readWrite",
        "returned" : "default",
        "uniqueness" : "none"
      },
      {
        "name" : "department",
        "type" : "string",
        "multiValued" : false,
        "description" : "Identifies the name of a department.",
        "required" : false,
        "caseExact" : false,
        "mutability" : "readWrite",
        "returned" : "default",
        "uniqueness" : "none"
      },
      {
        "name" : "manager",
        "type" : "complex",
        "multiValued" : false,
        "description" : "The User's manager.  A complex type that
optionally allows service providers to represent organizational
hierarchy by referencing the 'id' attribute of another User.",
        "required" : false,
        "subAttributes" : [
          {
            "name" : "value",
            "type" : "string",
            "multiValued" : false,
            "description" : "The id of the SCIM resource representing
the User's manager.  REQUIRED.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
        
          {
            "name" : "$ref",
            "type" : "reference",
            "referenceTypes" : [
              "User"
            ],
            "multiValued" : false,
            "description" : "The URI of the SCIM resource
representing the User's manager.  REQUIRED.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readWrite",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "displayName",
            "type" : "string",
            "multiValued" : false,
            "description" : "The displayName of the User's manager.
OPTIONAL and READ-ONLY.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readOnly",
            "returned" : "default",
            "uniqueness" : "none"
          }
        ],
        "mutability" : "readWrite",
        "returned" : "default"
      }
    ],
    "meta" : {
      "resourceType" : "Schema",
      "location" :
"/v2/Schemas/urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
    }
  }
]
        

Figure 9: Example JSON Representation for Resource Schema
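
Figure 9 marks "groups" and the manager's "displayName" as readOnly and states that a "primary" value of 'true' MUST appear no more than once. The following is an added example, not part of RFC 7643, of a service provider applying those schema values to a client write so that a caller cannot assign its own group membership; the schema excerpt, request body and function names are constructed for illustration, and attribute names are matched case-insensitively as Section 2.1 specifies.

```python
import json

CORE = "urn:ietf:params:scim:schemas:core:2.0:User"
ENTERPRISE = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"

# Constructed excerpt of Figure 9: only the attributes exercised below, with
# the type / multiValued / mutability values the figure assigns them.
SCHEMAS = json.loads("""
{
 "urn:ietf:params:scim:schemas:core:2.0:User": [
  {"name": "groups", "type": "complex", "multiValued": true,
   "mutability": "readOnly", "subAttributes": [
    {"name": "value", "type": "string", "multiValued": false,
     "mutability": "readOnly"},
    {"name": "type", "type": "string", "multiValued": false,
     "mutability": "readOnly"}]},
  {"name": "roles", "type": "complex", "multiValued": true,
   "mutability": "readWrite", "subAttributes": [
    {"name": "value", "type": "string", "multiValued": false,
     "mutability": "readWrite"},
    {"name": "primary", "type": "boolean", "multiValued": false,
     "mutability": "readWrite"}]}
 ],
 "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": [
  {"name": "manager", "type": "complex", "multiValued": false,
   "mutability": "readWrite", "subAttributes": [
    {"name": "value", "type": "string", "multiValued": false,
     "mutability": "readWrite"},
    {"name": "displayName", "type": "string", "multiValued": false,
     "mutability": "readOnly"}]}
 ]
}
""")


def filter_write(attr_defs, payload, path, dropped, errors):
    """Return only the client-writable attributes of `payload` (a dict)."""
    # Index by lowercase name: "Groups" must not slip past a check on "groups".
    defs = {d["name"].lower(): d for d in attr_defs}
    kept = {}
    for key, value in payload.items():
        here = path + key
        d = defs.get(key.lower())
        if d is None:
            dropped.append((here, "not in schema"))
        elif d["mutability"] == "readOnly":
            dropped.append((here, "readOnly"))
        elif d["type"] != "complex":
            kept[d["name"]] = value
        else:
            items = value if d["multiValued"] else [value]
            if not isinstance(items, list) or not all(
                    isinstance(i, dict) for i in items):
                errors.append((here, "expected complex value"))
                continue
            clean = [filter_write(d["subAttributes"], i, here + ".",
                                  dropped, errors) for i in items]
            if sum(1 for i in clean if i.get("primary") is True) > 1:
                errors.append((here, "more than one primary value"))
            kept[d["name"]] = clean if d["multiValued"] else clean[0]
    return kept


def filter_user_write(payload):
    """Filter a User write; returns (kept, dropped, errors)."""
    dropped, errors = [], []
    core = {k: v for k, v in payload.items()
            if k not in SCHEMAS and k != "schemas"}
    kept = filter_write(SCHEMAS[CORE], core, "", dropped, errors)
    for urn in SCHEMAS:  # extension attributes live under their schema URN
        if urn != CORE and isinstance(payload.get(urn), dict):
            kept[urn] = filter_write(SCHEMAS[urn], payload[urn], urn + ":",
                                     dropped, errors)
    return kept, dropped, errors


# Constructed client request body (not from the RFC).
REQUEST = {
    "schemas": [CORE, ENTERPRISE],
    "Groups": [{"value": "e9e30dba", "type": "direct"}],
    "roles": [{"value": "Student", "primary": True},
              {"value": "Faculty", "primary": True}],
    "isAdmin": True,
    ENTERPRISE: {"manager": {"value": "26118915",
                             "displayName": "Forged Name"}},
}

if __name__ == "__main__":
    for part in filter_user_write(REQUEST):
        print(part)
```

The `dropped` list is worth logging: a client that repeatedly submits readOnly attributes such as "groups" is either misconfigured or probing for mass-assignment behaviour.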

8.7.2. Service Provider Schema Representation

The following is a representation of the SCIM schema for the fixed service provider schemas: ServiceProviderConfig, ResourceType, and Schema.

[
  {
    "id" :
      "urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig",
    "name" : "Service Provider Configuration",
    "description" : "Schema for representing the service provider's
      configuration",
    "attributes" : [
      {
        "name" : "documentationUri",
        "type" : "reference",
        "referenceTypes" : ["external"],
        "multiValued" : false,
        "description" : "An HTTP-addressable URL pointing to the
          service provider's human-consumable help documentation.",
        "required" : false,
        "caseExact" : false,
        "mutability" : "readOnly",
        "returned" : "default",
        "uniqueness" : "none"
      },
        
      {
        "name" : "patch",
        "type" : "complex",
        "multiValued" : false,
        "description" : "A complex type that specifies PATCH
          configuration options.",
        "required" : true,
        "returned" : "default",
        "mutability" : "readOnly",
        "subAttributes" : [
          {
            "name" : "supported",
            "type" : "boolean",
            "multiValued" : false,
            "description" : "A Boolean value specifying whether or not
              the operation is supported.",
            "required" : true,
            "mutability" : "readOnly",
            "returned" : "default"
          }
        ]
      },
      {
        "name" : "bulk",
        "type" : "complex",
        "multiValued" : false,
        "description" : "A complex type that specifies bulk
          configuration options.",
        "required" : true,
        "returned" : "default",
        "mutability" : "readOnly",
        "subAttributes" : [
          {
            "name" : "supported",
            "type" : "boolean",
            "multiValued" : false,
            "description" : "A Boolean value specifying whether or not
              the operation is supported.",
            "required" : true,
            "mutability" : "readOnly",
            "returned" : "default"
          },
        
          {
            "name" : "maxOperations",
            "type" : "integer",
            "multiValued" : false,
            "description" : "An integer value specifying the maximum
              number of operations.",
            "required" : true,
            "mutability" : "readOnly",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "maxPayloadSize",
            "type" : "integer",
            "multiValued" : false,
            "description" : "An integer value specifying the maximum
              payload size in bytes.",
            "required" : true,
            "mutability" : "readOnly",
            "returned" : "default",
            "uniqueness" : "none"
          }
        ]
      },
      {
        "name" : "filter",
        "type" : "complex",
        "multiValued" : false,
        "description" : "A complex type that specifies
          FILTER options.",
        "required" : true,
        "returned" : "default",
        "mutability" : "readOnly",
        "subAttributes" : [
          {
            "name" : "supported",
            "type" : "boolean",
            "multiValued" : false,
            "description" : "A Boolean value specifying whether or not
              the operation is supported.",
            "required" : true,
            "mutability" : "readOnly",
            "returned" : "default"
          },
        
          {
            "name" : "maxResults",
            "type" : "integer",
            "multiValued" : false,
            "description" : "An integer value specifying the maximum
              number of resources returned in a response.",
            "required" : true,
            "mutability" : "readOnly",
            "returned" : "default",
            "uniqueness" : "none"
          }
        ]
      },
      {
        "name" : "changePassword",
        "type" : "complex",
        "multiValued" : false,
        "description" : "A complex type that specifies configuration
          options related to changing a password.",
        "required" : true,
        "returned" : "default",
        "mutability" : "readOnly",
        "subAttributes" : [
          {
            "name" : "supported",
            "type" : "boolean",
            "multiValued" : false,
            "description" : "A Boolean value specifying whether or not
              the operation is supported.",
            "required" : true,
            "mutability" : "readOnly",
            "returned" : "default"
          }
        ]
      },
        
      {
        "name" : "sort",
        "type" : "complex",
        "multiValued" : false,
        "description" : "A complex type that specifies sort result
          options.",
        "required" : true,
        "returned" : "default",
        "mutability" : "readOnly",
        "subAttributes" : [
          {
            "name" : "supported",
            "type" : "boolean",
            "multiValued" : false,
            "description" : "A Boolean value specifying whether or not
              the operation is supported.",
            "required" : true,
            "mutability" : "readOnly",
            "returned" : "default"
          }
        ]
      },
      {
        "name" : "authenticationSchemes",
        "type" : "complex",
        "multiValued" : true,
        "description" : "A complex type that specifies supported
          authentication scheme properties.",
        "required" : true,
        "returned" : "default",
        "mutability" : "readOnly",
        "subAttributes" : [
          {
            "name" : "name",
            "type" : "string",
            "multiValued" : false,
            "description" : "The common authentication scheme name,
              e.g., HTTP Basic.",
            "required" : true,
            "caseExact" : false,
            "mutability" : "readOnly",
            "returned" : "default",
            "uniqueness" : "none"
          },
        
          {
            "name" : "description",
            "type" : "string",
            "multiValued" : false,
            "description" : "A description of the authentication
              scheme.",
            "required" : true,
            "caseExact" : false,
            "mutability" : "readOnly",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "specUri",
            "type" : "reference",
            "referenceTypes" : ["external"],
            "multiValued" : false,
            "description" : "An HTTP-addressable URL pointing to the
              authentication scheme's specification.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readOnly",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "documentationUri",
            "type" : "reference",
            "referenceTypes" : ["external"],
            "multiValued" : false,
            "description" : "An HTTP-addressable URL pointing to the
              authentication scheme's usage documentation.",
            "required" : false,
            "caseExact" : false,
            "mutability" : "readOnly",
            "returned" : "default",
            "uniqueness" : "none"
          }
        ]
      }
    ]
  },
        
  {
    "id" : "urn:ietf:params:scim:schemas:core:2.0:ResourceType",
    "name" : "ResourceType",
    "description" : "Specifies the schema that describes a SCIM
      resource type",
    "attributes" : [
      {
        "name" : "id",
        "type" : "string",
        "multiValued" : false,
        "description" : "The resource type's server unique id.
          May be the same as the 'name' attribute.",
        "required" : false,
        "caseExact" : false,
        "mutability" : "readOnly",
        "returned" : "default",
        "uniqueness" : "none"
      },
      {
        "name" : "name",
        "type" : "string",
        "multiValued" : false,
        "description" : "The resource type name.  When applicable,
          service providers MUST specify the name, e.g., 'User'.",
        "required" : true,
        "caseExact" : false,
        "mutability" : "readOnly",
        "returned" : "default",
        "uniqueness" : "none"
      },
      {
        "name" : "description",
        "type" : "string",
        "multiValued" : false,
        "description" : "The resource type's human-readable
          description.  When applicable, service providers MUST
          specify the description.",
        "required" : false,
        "caseExact" : false,
        "mutability" : "readOnly",
        "returned" : "default",
        "uniqueness" : "none"
      },
        
      {
        "name" : "endpoint",
        "type" : "reference",
        "referenceTypes" : ["uri"],
        "multiValued" : false,
        "description" : "The resource type's HTTP-addressable
          endpoint relative to the Base URL, e.g., '/Users'.",
        "required" : true,
        "caseExact" : false,
        "mutability" : "readOnly",
        "returned" : "default",
        "uniqueness" : "none"
      },
      {
        "name" : "schema",
        "type" : "reference",
        "referenceTypes" : ["uri"],
        "multiValued" : false,
        "description" : "The resource type's primary/base schema
          URI.",
        "required" : true,
        "caseExact" : true,
        "mutability" : "readOnly",
        "returned" : "default",
        "uniqueness" : "none"
      },
      {
        "name" : "schemaExtensions",
        "type" : "complex",
        "multiValued" : false,
        "description" : "A list of URIs of the resource type's schema
          extensions.",
        "required" : true,
        "mutability" : "readOnly",
        "returned" : "default",
        "subAttributes" : [
          {
            "name" : "schema",
            "type" : "reference",
            "referenceTypes" : ["uri"],
            "multiValued" : false,
            "description" : "The URI of a schema extension.",
            "required" : true,
            "caseExact" : true,
            "mutability" : "readOnly",
            "returned" : "default",
            "uniqueness" : "none"
          },
        
          {
            "name" : "required",
            "type" : "boolean",
            "multiValued" : false,
            "description" : "A Boolean value that specifies whether
              or not the schema extension is required for the
              resource type.  If true, a resource of this type MUST
              include this schema extension and also include any
              attributes declared as required in this schema extension.
              If false, a resource of this type MAY omit this schema
              extension.",
            "required" : true,
            "mutability" : "readOnly",
            "returned" : "default"
          }
        ]
      }
    ]
  },
  {
    "id" : "urn:ietf:params:scim:schemas:core:2.0:Schema",
    "name" : "Schema",
    "description" : "Specifies the schema that describes a
      SCIM schema",
    "attributes" : [
      {
        "name" : "id",
        "type" : "string",
        "multiValued" : false,
        "description" : "The unique URI of the schema.
          When applicable, service providers MUST specify the URI.",
        "required" : true,
        "caseExact" : false,
        "mutability" : "readOnly",
        "returned" : "default",
        "uniqueness" : "none"
      },
        
      {
        "name" : "name",
        "type" : "string",
        "multiValued" : false,
        "description" : "The schema's human-readable name.  When
          applicable, service providers MUST specify the name,
          e.g., 'User'.",
        "required" : true,
        "caseExact" : false,
        "mutability" : "readOnly",
        "returned" : "default",
        "uniqueness" : "none"
      },
      {
        "name" : "description",
        "type" : "string",
        "multiValued" : false,
        "description" : "The schema's human-readable name.  When
          applicable, service providers MUST specify the name,
          e.g., 'User'.",
        "required" : false,
        "caseExact" : false,
        "mutability" : "readOnly",
        "returned" : "default",
        "uniqueness" : "none"
      },
      {
        "name" : "attributes",
        "type" : "complex",
        "multiValued" : true,
        "description" : "A complex attribute that includes the
          attributes of a schema.",
        "required" : true,
        "mutability" : "readOnly",
        "returned" : "default",
        "subAttributes" : [
          {
            "name" : "name",
            "type" : "string",
            "multiValued" : false,
            "description" : "The attribute's name.",
            "required" : true,
            "caseExact" : true,
            "mutability" : "readOnly",
            "returned" : "default",
            "uniqueness" : "none"
          },
        
          {
            "name" : "type",
            "type" : "string",
            "multiValued" : false,
            "description" : "The attribute's data type.
              Valid values include 'string', 'complex', 'boolean',
              'decimal', 'integer', 'dateTime', 'reference'.",
            "required" : true,
            "canonicalValues" : [
              "string",
              "complex",
              "boolean",
              "decimal",
              "integer",
              "dateTime",
              "reference"
            ],
            "caseExact" : false,
            "mutability" : "readOnly",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "multiValued",
            "type" : "boolean",
            "multiValued" : false,
            "description" : "A Boolean value indicating an
              attribute's plurality.",
            "required" : true,
            "mutability" : "readOnly",
            "returned" : "default"
          },
          {
            "name" : "description",
            "type" : "string",
            "multiValued" : false,
            "description" : "A human-readable description of the
              attribute.",
            "required" : false,
            "caseExact" : true,
            "mutability" : "readOnly",
            "returned" : "default",
            "uniqueness" : "none"
          },
        
          {
            "name" : "required",
            "type" : "boolean",
            "multiValued" : false,
            "description" : "A boolean value indicating whether or
              not the attribute is required.",
            "required" : false,
            "mutability" : "readOnly",
            "returned" : "default"
          },
          {
            "name" : "canonicalValues",
            "type" : "string",
            "multiValued" : true,
            "description" : "A collection of canonical values.  When
              applicable, service providers MUST specify the
              canonical types, e.g., 'work', 'home'.",
            "required" : false,
            "caseExact" : true,
            "mutability" : "readOnly",
            "returned" : "default",
            "uniqueness" : "none"
          },
          {
            "name" : "caseExact",
            "type" : "boolean",
            "multiValued" : false,
            "description" : "A Boolean value indicating whether or
              not a string attribute is case sensitive.",
            "required" : false,
            "mutability" : "readOnly",
            "returned" : "default"
          },
        
          {
            "name" : "mutability",
            "type" : "string",
            "multiValued" : false,
            "description" : "Indicates whether or not an attribute
              is modifiable.",
            "required" : false,
            "caseExact" : true,
            "mutability" : "readOnly",
            "returned" : "default",
            "uniqueness" : "none",
            "canonicalValues" : [
              "readOnly",
              "readWrite",
              "immutable",
              "writeOnly"
            ]
          },
          {
            "name" : "returned",
            "type" : "string",
            "multiValued" : false,
            "description" : "Indicates when an attribute is returned
              in a response (e.g., to a query).",
            "required" : false,
            "caseExact" : true,
            "mutability" : "readOnly",
            "returned" : "default",
            "uniqueness" : "none",
            "canonicalValues" : [
              "always",
              "never",
              "default",
              "request"
            ]
          },
        
          {
            "name" : "uniqueness",
            "type" : "string",
            "multiValued" : false,
            "description" : "Indicates how unique a value must be.",
            "required" : false,
            "caseExact" : true,
            "mutability" : "readOnly",
            "returned" : "default",
            "uniqueness" : "none",
            "canonicalValues" : [
              "none",
              "server",
              "global"
            ]
          },
          {
            "name" : "referenceTypes",
            "type" : "string",
            "multiValued" : true,
            "description" : "Used only with an attribute of type
              'reference'.  Specifies a SCIM resourceType that a
              reference attribute MAY refer to, e.g., 'User'.",
            "required" : false,
            "caseExact" : true,
            "mutability" : "readOnly",
            "returned" : "default",
            "uniqueness" : "none"
          },
        
          {
            "name" : "subAttributes",
            "type" : "complex",
            "multiValued" : true,
            "description" : "Used to define the sub-attributes of a
              complex attribute.",
            "required" : false,
            "mutability" : "readOnly",
            "returned" : "default",
            "subAttributes" : [
              {
                "name" : "name",
                "type" : "string",
                "multiValued" : false,
                "description" : "The attribute's name.",
                "required" : true,
                "caseExact" : true,
                "mutability" : "readOnly",
                "returned" : "default",
                "uniqueness" : "none"
              },
              {
                "name" : "type",
                "type" : "string",
                "multiValued" : false,
                "description" : "The attribute's data type.
                  Valid values include 'string', 'complex', 'boolean',
                  'decimal', 'integer', 'dateTime', 'reference'.",
                "required" : true,
                "caseExact" : false,
                "mutability" : "readOnly",
                "returned" : "default",
                "uniqueness" : "none",
                "canonicalValues" : [
                  "string",
                  "complex",
                  "boolean",
                  "decimal",
                  "integer",
                  "dateTime",
                  "reference"
                ]
              },
              {
                "name" : "multiValued",
                "type" : "boolean",
                "multiValued" : false,
                "description" : "A Boolean value indicating an
                  attribute's plurality.",
                "required" : true,
                "mutability" : "readOnly",
                "returned" : "default"
              },
              {
                "name" : "description",
                "type" : "string",
                "multiValued" : false,
                "description" : "A human-readable description of the
                  attribute.",
                "required" : false,
                "caseExact" : true,
                "mutability" : "readOnly",
                "returned" : "default",
                "uniqueness" : "none"
              },
              {
                "name" : "required",
                "type" : "boolean",
                "multiValued" : false,
                "description" : "A boolean value indicating whether or
                  not the attribute is required.",
                "required" : false,
                "mutability" : "readOnly",
                "returned" : "default"
              },
              {
                "name" : "canonicalValues",
                "type" : "string",
                "multiValued" : true,
                "description" : "A collection of canonical values.  When
                  applicable, service providers MUST specify the
                  canonical types, e.g., 'work', 'home'.",
                "required" : false,
                "caseExact" : true,
                "mutability" : "readOnly",
                "returned" : "default",
                "uniqueness" : "none"
              },
              {
                "name" : "caseExact",
                "type" : "boolean",
                "multiValued" : false,
                "description" : "A Boolean value indicating whether or
                  not a string attribute is case sensitive.",
                "required" : false,
                "mutability" : "readOnly",
                "returned" : "default"
              },
              {
                "name" : "mutability",
                "type" : "string",
                "multiValued" : false,
                "description" : "Indicates whether or not an
                  attribute is modifiable.",
                "required" : false,
                "caseExact" : true,
                "mutability" : "readOnly",
                "returned" : "default",
                "uniqueness" : "none",
                "canonicalValues" : [
                  "readOnly",
                  "readWrite",
                  "immutable",
                  "writeOnly"
                ]
              },
              {
                "name" : "returned",
                "type" : "string",
                "multiValued" : false,
                "description" : "Indicates when an attribute is
                  returned in a response (e.g., to a query).",
                "required" : false,
                "caseExact" : true,
                "mutability" : "readOnly",
                "returned" : "default",
                "uniqueness" : "none",
                "canonicalValues" : [
                  "always",
                  "never",
                  "default",
                  "request"
                ]
              },
              {
                "name" : "uniqueness",
                "type" : "string",
                "multiValued" : false,
                "description" : "Indicates how unique a value must be.",
                "required" : false,
                "caseExact" : true,
                "mutability" : "readOnly",
                "returned" : "default",
                "uniqueness" : "none",
                "canonicalValues" : [
                  "none",
                  "server",
                  "global"
                ]
              },
              {
                "name" : "referenceTypes",
                "type" : "string",
                "multiValued" : false,
                "description" : "Used only with an attribute of type
                  'reference'.  Specifies a SCIM resourceType that a
                  reference attribute MAY refer to, e.g., 'User'.",
                "required" : false,
                "caseExact" : true,
                "mutability" : "readOnly",
                "returned" : "default",
                "uniqueness" : "none"
              }
            ]
          }
        ]
      }
    ]
  }
]

Figure 10: Representation of Fixed Service Provider Endpoint Schemas

9. Security Considerations
9.1. Protocol

SCIM data is intended to be exchanged using the SCIM protocol. It is important when handling data to implement the security considerations outlined in Section 7 of [RFC7644].

9.2. Passwords and Other Sensitive Security Data

Passwords and other attributes related to security credentials are of an extremely sensitive nature and require special handling when transmitted or stored. While the SCIM protocol uses cleartext passwords for value assignment and equality-testing purposes, password values MUST NOT be stored in cleartext form.

Administrators should undertake industry best practices to protect the storage of credentials and in particular SHOULD follow recommendations outlined in Section 5.1.4.1 of [RFC6819]. These requirements include, but are not limited to, the following:

o Provide injection attack countermeasures (e.g., by validating all inputs and parameters);

o Credentials should not be stored in cleartext form;

o Store credentials using an encrypted protection mechanism (e.g., hashing); and

o Where possible, avoid passwords as the sole form of authentication, and consider using credentials that are based on asymmetric cryptography.
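
One way a service provider can meet the storage requirements above is sketched below. This is an added example, not text or code from the RFC; PBKDF2-HMAC-SHA256, the iteration count, the record format, and the names create_user, hash_password and verify_password are assumptions of the example.

```python
import base64
import hashlib
import hmac
import os

# Assumption: PBKDF2-HMAC-SHA256 stands in for "hashing"; the page names no algorithm.
PBKDF2_ITERATIONS = 600_000  # assumption: tune to your own latency budget


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def hash_password(cleartext: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt$digest."""
    salt = os.urandom(16)  # fresh random salt for every credential
    digest = hashlib.pbkdf2_hmac("sha256", cleartext.encode("utf-8"), salt, iterations)
    return "pbkdf2-sha256$%d$%s$%s" % (iterations, _b64(salt), _b64(digest))


def verify_password(candidate: str, record: str) -> bool:
    """Equality test against the stored record; no cleartext is kept anywhere."""
    try:
        algorithm, iterations, salt_b64, digest_b64 = record.split("$")
        rounds = int(iterations)
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(digest_b64)
    except ValueError:
        return False  # malformed record
    if algorithm != "pbkdf2-sha256" or rounds < 1:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(actual, expected)  # constant-time comparison


def create_user(payload: dict, resources: dict, credentials: dict) -> dict:
    """Handle a create request: split the password off before anything is persisted."""
    resource = {k: v for k, v in payload.items() if k != "password"}
    resource["id"] = "user-%04d" % (len(resources) + 1)  # constructed id scheme
    if payload.get("password"):
        credentials[resource["id"]] = hash_password(payload["password"])
    resources[resource["id"]] = resource
    return dict(resource)  # the response body carries no "password" attribute


def demo() -> dict:
    resources, credentials = {}, {}
    # Constructed request body for illustration.
    request = {
        "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
        "userName": "bjensen@example.com",
        "password": "correct-horse-battery-staple",
    }
    created = create_user(request, resources, credentials)
    record = credentials[created["id"]]
    return {
        "response_has_password": "password" in created,
        "stored_has_password": "password" in resources[created["id"]],
        "cleartext_in_record": request["password"] in record,
        "correct_matches": verify_password("correct-horse-battery-staple", record),
        "wrong_matches": verify_password("guess", record),
    }


if __name__ == "__main__":
    print(demo())
```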

9.3. Privacy

The SCIM core schema defines attributes that are sensitive and may be considered personally identifying information (PII). These privacy considerations should be considered for extensions as well as the schema defined in this specification.

For the purposes of this specification, PII is defined as any attribute that may be used as a unique key to identify a person (e.g., "User"). Since other information may be used in combination to identify an individual, all attributes in SCIM are considered "sensitive" personal information. Consult regional jurisdictions to see if there are special considerations for the handling of personal information (e.g., PII).

Information should be shared on an as-needed basis. A SCIM client should limit information to what it believes a service provider requires, and a SCIM service provider should only accept information it needs. Clients and service providers should take into consideration that personal information is being conveyed across technical (e.g., protocol and applications), administrative (e.g., organizational, corporate), and jurisdictional boundaries. In particular, information security and privacy must be considered.

Security service level agreements for the handling of these attributes are beyond the scope of this document but are to be carefully considered by implementers and deploying organizations.

Please see the Privacy Considerations section of [RFC7644] for more protocol-specific considerations regarding the handling of SCIM information.

SCIM defines attributes such as "id", "externalId", and SCIM resource URIs, which cause new PII to be generated; this information is important to the way that the SCIM protocol identifies and locates resources. Where possible, it is suggested that service providers take the following remediations:

o Where possible, assign and bind identifiers to specific tenants and/or clients. When multiple tenants are able to reference the same resource, they should do so via separate identifiers (id or externalId). This ensures that separate domains linked to the same information cannot perform identifier correlation.

o In the case of "externalId", if multiple values are supported, use access control to restrict access to the client domain that assigned the "externalId" value.

o Ensure that access to data is appropriately restricted to authorized parties with a "need to know".

o When persisted, ensure that the appropriate protection mechanisms are in place to restrict access by unauthorized parties, including administrators or parties with access to backup data.
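
The first two remediations above can be implemented by deriving each tenant's "id" from a per-tenant secret and by scoping "externalId" to the tenant that assigned it. The sketch below is an added example, not part of the RFC; the HMAC derivation, the TenantScopedDirectory class, and the treatment of a tenant as the "client domain" are assumptions of the example.

```python
import hashlib
import hmac
import os


class TenantScopedDirectory:
    """Issues a different SCIM "id" per tenant for the same underlying record."""

    def __init__(self, tenant_keys: dict):
        self._keys = tenant_keys    # tenant -> secret key (bytes), never shared
        self._records = {}          # internal key -> attributes
        self._by_scim_id = {}       # (tenant, scim id) -> internal key
        self._external_ids = {}     # (tenant, internal key) -> externalId

    def add_record(self, internal_key: str, attributes: dict) -> None:
        self._records[internal_key] = dict(attributes)

    def issue_id(self, tenant: str, internal_key: str) -> str:
        """Derive the tenant-bound id: stable for one tenant, different for another."""
        if internal_key not in self._records:
            raise LookupError("unknown record")
        mac = hmac.new(self._keys[tenant], internal_key.encode("utf-8"), hashlib.sha256)
        scim_id = mac.hexdigest()[:32]
        self._by_scim_id[(tenant, scim_id)] = internal_key
        return scim_id

    def _resolve(self, tenant: str, scim_id: str) -> str:
        # An id only resolves for the tenant it was issued to.
        try:
            return self._by_scim_id[(tenant, scim_id)]
        except KeyError:
            raise LookupError("unknown id for this tenant") from None

    def set_external_id(self, tenant: str, scim_id: str, external_id: str) -> None:
        internal_key = self._resolve(tenant, scim_id)
        self._external_ids[(tenant, internal_key)] = external_id

    def get(self, tenant: str, scim_id: str) -> dict:
        """Return the tenant's view: its own id and only its own externalId."""
        internal_key = self._resolve(tenant, scim_id)
        view = dict(self._records[internal_key])
        view["id"] = scim_id
        own = self._external_ids.get((tenant, internal_key))
        if own is not None:
            view["externalId"] = own
        return view


def demo_directory():
    # Constructed tenants, keys and record for illustration.
    directory = TenantScopedDirectory(
        {"tenant-a": os.urandom(32), "tenant-b": os.urandom(32)}
    )
    directory.add_record("rec-1001", {"userName": "bjensen@example.com"})
    id_a = directory.issue_id("tenant-a", "rec-1001")
    id_b = directory.issue_id("tenant-b", "rec-1001")
    directory.set_external_id("tenant-a", id_a, "hr-7731")
    return directory, id_a, id_b


if __name__ == "__main__":
    d, a, b = demo_directory()
    print(d.get("tenant-a", a))
    print(d.get("tenant-b", b))
```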

10. IANA Considerations
10.1. Registration of SCIM URN Sub-namespace and SCIM Registry

IANA has added an entry to the "IETF URN Sub-namespace for Registered Protocol Parameter Identifiers" registry and created a sub-namespace for the Registered Parameter Identifier as per [RFC3553]: "urn:ietf:params:scim".

To manage this sub-namespace, IANA has created the "System for Cross-domain Identity Management (SCIM) Schema URIs" registry, which is used to manage entries within the "urn:ietf:params:scim" namespace. The registry description is as follows:

o Registry name: SCIM

o Specification: this document (RFC 7643)

o Repository: See Section 10.2

o Index value: See Section 10.2

10.2. URN Sub-namespace for SCIM

SCIM schemas and SCIM messages utilize URIs to identify the schema in use or other relevant context. This section creates and registers an IETF URN Sub-namespace for use in the SCIM specifications and future extensions.

10.2.1. Specification Template

Namespace ID:

The Namespace ID "scim" has been assigned.

Registration Information:

Version: 1

Date: 2015-06-22

Declared registrant of the namespace:

Registering organization: The Internet Engineering Task Force

Designated contact: A designated expert will monitor the SCIM public mailing list, "scim@ietf.org".

Declaration of Syntactic Structure:

The Namespace Specific String (NSS) of all URNs that use the "scim" Namespace ID shall have the following structure:

   urn:ietf:params:scim:{type}:{name}{:other}

The keywords have the following meaning:

type: The entity type, which is either "schemas" or "api".

name: A required US-ASCII string that conforms to the URN syntax requirements (see [RFC2141]) and defines a major namespace of a schema used within SCIM (e.g., "core", which is reserved for SCIM specifications). The value MAY also be an industry name or organization name.

other: Any US-ASCII string that conforms to the URN syntax requirements (see [RFC2141]) and defines the sub-namespace (which MAY be further broken down in namespaces delimited by colons) as needed to uniquely identify a schema.

Relevant Ancillary Documentation:

None

Identifier Uniqueness Considerations:

The designated contact shall be responsible for reviewing and enforcing uniqueness.

Identifier Persistence Considerations:

Once a name has been allocated, it MUST NOT be reallocated for a different purpose. The rules provided for assignments of values within a sub-namespace MUST be constructed so that the meanings of values cannot change. This registration mechanism is not appropriate for naming values whose meanings may change over time.

As the SCIM specifications are updated and the SCIM protocol version is adjusted, a new registration will be made when significant changes are made -- for example, "urn:ietf:params:scim:schemas:core:1.0 (externally defined, not previously registered)" and "urn:ietf:params:scim:schemas:core:2.0".

Process of Identifier Assignment:

Identifiers with namespace type "schema" (e.g., "urn:ietf:params:scim:schemas") are assigned after the review of the assigned contact via the SCIM public mailing list, "scim@ietf.org", as documented in Section 10.3.

Namespaces with type "api" (e.g., "urn:ietf:params:scim:api") and "param" (e.g., "urn:ietf:params:scim:param") are reserved for IETF-approved SCIM specifications.

Process of Identifier Resolution:

The namespace is not currently listed with a Resolution Discovery System (RDS), but nothing about the namespace prohibits the future definition of appropriate resolution methods or listing with an RDS.

Rules for Lexical Equivalence:

No special considerations; the rules for lexical equivalence specified in [RFC2141] apply.

Conformance with URN Syntax:

No special considerations.

Validation Mechanism:

None specified.

Scope:

Global.
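
The "Declaration of Syntactic Structure" and "Rules for Lexical Equivalence" entries of the template above, applied to the "schemas" values of an incoming resource, are sketched below. This is an added example, not part of the RFC; the function names, the per-segment character set (this example's reading of [RFC2141]), and the sample resource are assumptions, and the allowlist holds the three data resource URIs from the initial registry in Section 10.4.

```python
import re
from typing import NamedTuple

ENTITY_TYPES = ("schemas", "api")  # the two values the template lists for {type}

# One colon-delimited segment: URN characters as this example reads RFC 2141,
# minus ":" (the delimiter here) and the reserved "/", "?", "#".
_SEGMENT = re.compile(r"(?:[A-Za-z0-9()+,\-.=@;$_!*']|%[0-9A-Fa-f]{2})+")
_ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")


class ScimUrn(NamedTuple):
    type: str
    name: str
    other: tuple


def parse_scim_urn(value) -> ScimUrn:
    """Split urn:ietf:params:scim:{type}:{name}{:other}; raise ValueError if invalid."""
    if not isinstance(value, str):
        raise ValueError("schema URI must be a string")
    parts = value.split(":")
    if len(parts) < 6:
        raise ValueError("expected urn:ietf:params:scim:{type}:{name}")
    if parts[0].lower() != "urn" or parts[1].lower() != "ietf":
        raise ValueError("not in the ietf URN namespace")
    if parts[2:4] != ["params", "scim"]:  # namespace specific string: case-sensitive
        raise ValueError("not in the params:scim sub-namespace")
    if parts[4] not in ENTITY_TYPES:
        raise ValueError("unknown entity type %r" % parts[4])
    for segment in parts[5:]:
        if not _SEGMENT.fullmatch(segment):
            raise ValueError("empty or malformed segment %r" % segment)
    return ScimUrn(parts[4], parts[5], tuple(parts[6:]))


def normalize(value: str) -> str:
    """Canonical form for comparison: only "urn", the NID and %-escapes fold case."""
    parse_scim_urn(value)
    scheme, nid, nss = value.split(":", 2)
    nss = _ESCAPE.sub(lambda m: m.group(0).lower(), nss)
    return "%s:%s:%s" % (scheme.lower(), nid.lower(), nss)


# Data resource URIs from the initial registry in Section 10.4.
REGISTERED = frozenset({
    "urn:ietf:params:scim:schemas:core:2.0:User",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
    "urn:ietf:params:scim:schemas:core:2.0:Group",
})


def rejected_schemas(resource: dict, allowed=REGISTERED) -> list:
    """Return (value, reason) for each "schemas" entry that should be refused."""
    problems = []
    for value in resource.get("schemas", []):
        try:
            canonical = normalize(value)
        except ValueError as exc:
            problems.append((value, str(exc)))
            continue
        if canonical not in allowed:
            problems.append((value, "not in allowlist"))
    return problems


# Constructed resource for illustration.
SAMPLE_RESOURCE = {
    "schemas": [
        "URN:IETF:params:scim:schemas:core:2.0:User",  # equivalent to registered URI
        "urn:ietf:params:scim:schemas:core:2.0:user",  # differs in case-sensitive part
        "urn:ietf:params:scim:schemas::User",          # empty {name}
        "urn:ietf:params:scim:widgets:core:2.0:User",  # {type} not schemas or api
    ],
    "userName": "bjensen@example.com",
}

if __name__ == "__main__":
    for value, reason in rejected_schemas(SAMPLE_RESOURCE):
        print(value, "->", reason)
```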

10.3. Registering SCIM Schemas

This section defines the process for registering new SCIM schemas with IANA in the "System for Cross-domain Identity Management (SCIM) Schema URIs" registry (see Section 10.1). A schema URI is used as a value in the "schemas" attribute (Section 3) for the purpose of distinguishing extensions used in a SCIM resource.

10.3.1. Registration Procedure

The IETF has created a mailing list, scim@ietf.org, which can be used for public discussion of SCIM schema proposals prior to registration. Use of the mailing list is strongly encouraged. The IESG has appointed a designated expert [RFC5226] who will monitor the scim@ietf.org mailing list and review registrations.

Registration of new "core" schemas (e.g., in the namespace "urn:ietf:params:scim:schemas:core") and "API" schemas (e.g., in the namespace "urn:ietf:params:scim:api") MUST be reviewed by the designated expert and published in an RFC. An RFC is REQUIRED for the registration of new value data types that modify existing properties. An RFC is also REQUIRED for registration of SCIM schema URIs that modify SCIM schema previously documented in an existing RFC. URNs within "urn:ietf:params:scim" but outside the above namespaces MAY be registered with a simple review (e.g., check for spam) by the designated expert on a first-come-first-served basis.

The registration procedure begins when a completed registration template, defined in the sections below, is sent to scim@ietf.org and iana@iana.org. Within two weeks, the designated expert is expected to tell IANA and the submitter of the registration whether the registration is approved, approved with minor changes, or rejected with cause. When a registration is rejected with cause, it can be resubmitted if the concerns listed in the cause are addressed.

Decisions made by the designated expert can be appealed to the IESG Applications Area Director, then to the IESG. They follow the normal appeals procedure for IESG decisions.

Once the registration procedure concludes successfully, IANA creates or modifies the corresponding record in the SCIM schema registry. The completed registration template is discarded.

An RFC specifying one or more new schema URIs MUST include the completed registration templates, which MAY be expanded with additional information. These completed templates are intended to go in the body of the document, not in the IANA Considerations section. The RFC SHOULD include any attributes defined.

10.3.2. Schema Registration Template

A SCIM schema URI is defined by completing the following template:

Schema URI: A unique URI for the SCIM schema extension.

Schema Name: A descriptive name of the schema extension (e.g., "Generic Device").

Intended or Associated Resource Type: A value defining the resource type (e.g., "Device").

Purpose: A description of the purpose of the extension and/or its intended use.

Single-value Attributes: A list and description of single-valued attributes defined, including complex attributes.

Multi-valued Attributes: A list and description of multi-valued attributes defined, including complex attributes.

10.4. Initial SCIM Schema Registry

The IANA has populated the "System for Cross-domain Identity Management (SCIM) Schema URIs" registry with the following registries for SCIM schema URIs, with pointers to appropriate reference documents. Note: The schema URIs listed below are broken into two lines for readability.

   +-----------------------------------+-----------------+-------------+
   | Schema URI                        | Name            | Reference   |
   +-----------------------------------+-----------------+-------------+
   | urn:ietf:params:scim:schemas:     | User Resource   | See Section |
   | core:2.0:User                     |                 | 4.1         |
   |                                   |                 |             |
   | urn:ietf:params:scim:schemas:     | Enterprise User | See Section |
   | extension:enterprise:2.0:User     | Extension       | 4.3         |
   |                                   |                 |             |
   | urn:ietf:params:scim:schemas:     | Group Resource  | See Section |
   | core:2.0:Group                    |                 | 4.2         |
   +-----------------------------------+-----------------+-------------+

SCIM Schema URIs for Data Resources

   +-----------------------------------+-------------------+-----------+
   | Schema URI                        | Name              | Reference |
   +-----------------------------------+-------------------+-----------+
   | urn:ietf:params:scim:schemas:     | Service Provider  | See       |
   | core:2.0:ServiceProviderConfig    | Configuration     | Section 5 |
   |                                   | Schema            |           |
   |                                   |                   |           |
   | urn:ietf:params:scim:schemas:     | Resource Type     | See       |
   | core:2.0:ResourceType             | Configuration     | Section 6 |
   |                                   |                   |           |
   | urn:ietf:params:scim:schemas:     | Schema            | See       |
   | core:2.0:Schema                   | Definitions       | Section 7 |
   |                                   | Schema            |           |
   +-----------------------------------+-------------------+-----------+

SCIM Server-Related Schema URIs

11. References
11.1. Normative References

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <http://www.rfc-editor.org/info/rfc2119>.

[RFC2141] Moats, R., "URN Syntax", RFC 2141, DOI 10.17487/RFC2141, May 1997, <http://www.rfc-editor.org/info/rfc2141>.

[RFC3553] Mealling, M., Masinter, L., Hardie, T., and G. Klyne, "An IETF URN Sub-namespace for Registered Protocol Parameters", BCP 73, RFC 3553, DOI 10.17487/RFC3553, June 2003, <http://www.rfc-editor.org/info/rfc3553>.

[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, November 2003, <http://www.rfc-editor.org/info/rfc3629>.

[RFC3966] Schulzrinne, H., "The tel URI for Telephone Numbers", RFC 3966, DOI 10.17487/RFC3966, December 2004, <http://www.rfc-editor.org/info/rfc3966>.

[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, DOI 10.17487/RFC3986, January 2005, <http://www.rfc-editor.org/info/rfc3986>.

[RFC4647] Phillips, A. and M. Davis, "Matching of Language Tags", BCP 47, RFC 4647, DOI 10.17487/RFC4647, September 2006, <http://www.rfc-editor.org/info/rfc4647>.

[RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data Encodings", RFC 4648, DOI 10.17487/RFC4648, October 2006, <http://www.rfc-editor.org/info/rfc4648>.

[RFC5234] Crocker, D., Ed., and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", STD 68, RFC 5234, DOI 10.17487/RFC5234, January 2008, <http://www.rfc-editor.org/info/rfc5234>.

[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., and W. Polk, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, <http://www.rfc-editor.org/info/rfc5280>.

[RFC5321] Klensin, J., "Simple Mail Transfer Protocol", RFC 5321, DOI 10.17487/RFC5321, October 2008, <http://www.rfc-editor.org/info/rfc5321>.

[RFC5646] Phillips, A., Ed., and M. Davis, Ed., "Tags for Identifying Languages", BCP 47, RFC 5646, DOI 10.17487/RFC5646, September 2009, <http://www.rfc-editor.org/info/rfc5646>.

[RFC6557] Lear, E. and P. Eggert, "Procedures for Maintaining the Time Zone Database", BCP 175, RFC 6557, DOI 10.17487/RFC6557, February 2012, <http://www.rfc-editor.org/info/rfc6557>.

[RFC7159] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data Interchange Format", RFC 7159, DOI 10.17487/RFC7159, March 2014, <http://www.rfc-editor.org/info/rfc7159>.

[RFC7231] Fielding, R., Ed., and J. Reschke, Ed., "Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content", RFC 7231, DOI 10.17487/RFC7231, June 2014, <http://www.rfc-editor.org/info/rfc7231>.

[RFC7232] Fielding, R., Ed., and J. Reschke, Ed., "Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests", RFC 7232, DOI 10.17487/RFC7232, June 2014, <http://www.rfc-editor.org/info/rfc7232>.

[RFC7644] Hunt, P., Ed., Grizzle, K., Ansari, M., Wahlstroem, E., and C. Mortimore, "System for Cross-domain Identity Management: Protocol", RFC 7644, DOI 10.17487/RFC7644, September 2015, <http://www.rfc-editor.org/info/rfc7644>.

11.2. Informative References

[ISO3166] International Organization for Standardization, "Codes for the representation of names of countries and their subdivisions - Part 1: Country codes", ISO 3166-1:2013, November 2013, <http://www.iso.org>.

[Olson-TZ] Internet Assigned Numbers Authority, "IANA Time Zone Database", <https://www.iana.org/time-zones>.

[PortableContacts] Smarr, J., "Portable Contacts 1.0 Draft C - Schema Only", August 2008, <http://www.portablecontacts.net/draft-spec.html>.

[RFC2277] Alvestrand, H., "IETF Policy on Character Sets and Languages", BCP 18, RFC 2277, DOI 10.17487/RFC2277, January 1998, <http://www.rfc-editor.org/info/rfc2277>.

[RFC4512] Zeilenga, K., Ed., "Lightweight Directory Access Protocol (LDAP): Directory Information Models", RFC 4512, DOI 10.17487/RFC4512, June 2006, <http://www.rfc-editor.org/info/rfc4512>.

[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, DOI 10.17487/RFC5226, May 2008, <http://www.rfc-editor.org/info/rfc5226>.

[RFC6350] Perreault, S., "vCard Format Specification", RFC 6350, DOI 10.17487/RFC6350, August 2011, <http://www.rfc-editor.org/info/rfc6350>.

[RFC6749] Hardt, D., Ed., "The OAuth 2.0 Authorization Framework", RFC 6749, DOI 10.17487/RFC6749, October 2012, <http://www.rfc-editor.org/info/rfc6749>.

[RFC6819] Lodderstedt, T., Ed., McGloin, M., and P. Hunt, "OAuth 2.0 Threat Model and Security Considerations", RFC 6819, DOI 10.17487/RFC6819, January 2013, <http://www.rfc-editor.org/info/rfc6819>.

[XML-Schema] Peterson, D., Gao, S., Malhotra, A., Sperberg-McQueen, C., and H. Thompson, "XML Schema Definition Language (XSD) 1.1 Part 2: Datatypes", April 2012, <http://www.w3.org/TR/xmlschema11-2/>.

Acknowledgements

The editor would like to acknowledge the contribution and work of the editors of draft versions of this document:

Chuck Mortimore, Salesforce

Patrick Harding, Ping

Paul Madsen, Ping

Trey Drake, UnboundID

The SCIM Community would like to thank the following people for the work they've done in the research, formulation, drafting, editing, and support of this specification.

Morteza Ansari (morteza.ansari@cisco.com)

Sidharth Choudhury (schoudhury@salesforce.com)

Samuel Erdtman (samuel@erdtman.se)

Kelly Grizzle (kelly.grizzle@sailpoint.com)

Chris Phillips (cjphillips@gmail.com)

Erik Wahlstroem (erik.wahlstrom@nexusgroup.com)

Phil Hunt (phil.hunt@yahoo.com)

Special thanks to Joseph Smarr, whose excellent work on the Portable Contacts Specification [PortableContacts] provided a basis for the SCIM schema structure and text.

Authors' Addresses

Phil Hunt (editor)
Oracle Corporation

   Email: phil.hunt@yahoo.com

Kelly Grizzle
SailPoint

   Email: kelly.grizzle@sailpoint.com

Erik Wahlstroem
Nexus Technology

   Email: erik.wahlstrom@nexusgroup.com

Chuck Mortimore
Salesforce.com

   Email: cmortimore@salesforce.com