]> Microsoft

mwahl@microsoft.com

Security System for Cross-domain Identity Management Internet-Draft The System for Cross-domain Identity Management (SCIM) specifications are designed to make identity management in cloud-based applications and services easier. This document provides a platform-neutral schema for representing AI agents' identities in JSON format, enabling them to be transferred in the SCIM protocol to the service. This establishes an agentic identity so that an agent can subsequently be authenticated and authorized to interact with the service. About This Document Status information for this document may be found at . Discussion of this document takes place on the System for Cross-domain Identity Management Working Group mailing list (), which is archived at . Subscribe at .

Introduction The SCIM protocol and core schema are widely implemented for provisioning records for users into services. The default schema for those user records includes attributes such as a person's name, their desired group memberships, and a password that the user. This enables a SCIM client to inform a SCIM server component of a service of a new user, so that user can be identified in and subsequently authenticated to the service. SCIM also enables lifecycle controls for the SCIM client to update and remove that user record in that service, and associate that user with groups, roles and entitlements. With the growth of agentic AI, agents will also need to be able to interact with services. Some services will require an agent to have identities represented in those services. The attributes of an agent identity in a SCIM server can be different from the attributes of a human user identity. Some services allow OAuth protocols such as token exchange for an agent's authentication to the service, without needing a shared secret credential between each agent and the service. However, similar to users, an agent's identity might have access rights in the service, represented through relationships of the agent's identity with groups, roles and entitlements in a service. As SCIM is familiar within the enterprise and agents often need the same lifecycle signals and group, role or entitlement memberships as users, defining a schema to transport agentic identities in the SCIM protocol simplifies deployment and enables subsequent authentication interactions, consistent controls for those agent's identities and access rights.

Conventions and Definitions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

SCIM Schema for Agentic Identity As an extension to SCIM schema, sections 3.2 and 3.3, this specification includes one new resource type:

• AgenticIdentity: A resource of this type represents an identity of an agent to the service. It includes attributes of an agentic identity needed to be known by a service, including OPTIONAL references to the agentic identity's group memberships, roles and entitlements.

Resources of this type are conveyed in the SCIM protocol using JSON . Extension schemas can be defined to extend this resource type, allowing additional attributes.

Single-valued Attributes The resource type AgenticIdentity has the following single-valued attributes. A SCIM server which implements the Agentic Identity schema MUST recognize these attributes.

• active: A boolean value indicating the agentic identity's administrative status. If absent, then an agentic identity is assumed to be active. A SCIM client can indicate that an agentic identity is inactive by setting it to false. The definitive meaning of this attribute is determined by the SCIM server. Support for this attribute in a SCIM client is OPTIONAL.
• agenticApplicationId: The value of this attribute is a string with the id of an agentic application, that is assigned by the SCIM client, enabling correlation and reporting in the service for an agentic application that has multiple identities. The attribute MAY be included when the AgenticIdentity is created. The definitive meaning of this attribute is determined by the SCIM client. Support for this attribute in a SCIM client is OPTIONAL.
• description: The value of this attribute is a string with the agentic identity's human-readable description. Support for this attribute in a SCIM client is OPTIONAL.
• displayName: The value of this attribute is a string with the human-readable name of the agentic identity, suitable for display to end-users. Support for this attribute in a SCIM client is RECOMMENDED.

In addition, the AgenticIdentity also has the attributes "externalId", "id", "meta" and "schemas", as described in sections 3 and 3.1 of .

Multi-valued Attributes The resource type AgenticIdentity has the following multi-valued attributes. A SCIM server which implements the Agentic Identity schema SHOULD recognize the attributes "entitlements", "groups", "owners" and "roles". A SCIM server in a service that also supports OAuth token exchange for agent authentication SHOULD recognize the attribute "oAuthClientIdentifiers".

• entitlements: A list of entitlements for the agentic identity that represent a thing the agentic identity has. This attribute is analogous to the "entitlements" attribute of a user as described in section 4.1.2 of .
• groups: A list of groups to which the agentic identity belongs, either through direct membership, through nested groups, or dynamically calculated. This attribute is analogous to the "groups" attribute of a user as described in section 4.1.2 of .
• oAuthClientIdentifiers: Each value of the attribute is a complex type that describes the OAuth parameters of an agentic identity, for agentic identities that will be authenticating to a service using OAuth token exchange . Support for this attribute is OPTIONAL. This attribute has six string-valued sub-attributes.
  • audiences: The values of this sub-attribute MAY be present. They are included by the SCIM server in a POST, GET or other response. The format of each value is defined as that of the "aud" claim of section 4.1.3 of .
  • clientId: The value of this sub-attribute is a client identifier, as described of section 2.2 of . It is returned by the SCIM server. They are included by the SCIM server in a POST, GET or other response.
  • description: An OPTIONAL human-readable string that further describes the oAuth client identity.
  • issuer: The identity of the identity provider of the agent. The format of the value is defined as that of "iss" claim of section 4.1.1 of .
  • name: A human-readable name for the OAuth client identity that will be be used by the agent.
  • subject: The identifier of the agent within the identity provider. The format of the value is defined as that of the "sub" claim of section 4.1.2 of .
• owners: A list of the responsible parties for an agentic identity. Each value is a complex type that allows referencing the "id" attribute of a user, a group or other resource already known to the SCIM server. Each value has the following three string sub-attributes.
  • value: The "id" of the SCIM resource representing the an owner of an agentic identity. RECOMMENDED.
  • $ref: The URI of the SCIM resource representing an owner of an agentic identity. RECOMMENDED.
  • displayName: The displayName of the agentic identity's owner. This attribute is OPTIONAL, and mutability is "readOnly".
• roles: A list of roles for the agentic identity. This attribute is analogous to the "roles" attribute of a user as described in section 4.1.2 of .

AgenticIdentity Resource Schema The AgenticIdentity resource type is for Agentic identity resources. The schema for AgenticIdentity is identified using the following schema URI: "urn:ietf:params:scim:schemas:core:2.0:AgenticIdentity". The following is a non-normative example of the SCIM schema representation of an agentic identity in JSON format. Long URL values have been trimmed for formatting.

Updates to Existing Schema To allow an agentic identity to be a member of a group, this memo augments the definition of the "members" attribute of as follows:

• allow the referenceTypes of the members "$ref" sub-attribute to also refer to an AgenticIdentity
• allow the canonicalValues of the members "type" sub-attribute to also allow for "AgenticIdentity"

Operations on an Agentic Identity A SCIM client and SCIM server exchange agentic identity resources using the SCIM protocol of section 3 of . Support for bulk operations, as described in section 3.7 of is OPTIONAL. How the SCIM client authenticates to the SCIM server and is authorized by the SCIM server to perform protocol operations for agentic identities is outside the scope of this document. The following is a non-normative example of a SCIM client using two SCIM operations, to create an agentic identity record in the SCIM server and then add the agentic identity to a group, and then using a SCIM operation to remove that agentic identity from the SCIM server. 201 Created { "id": "95c...", ...} <--------------------------------------------- PATCH /Groups/acbf...-9b4da3f908ce { "Operations":[ {"op":"add", "path":"members", ... }]} ---------------------------------------------> 200 OK <--------------------------------------------- ... DELETE /AgenticIdentities/95c... ---------------------------------------------> 204 No Content <--------------------------------------------- ]]>

Agentic Identity Creation To inform a service of an agent's identity, a SCIM client sends a POST request containing a "AgenticIdentity" to the "/AgenticIdentities" endpoint. The POST request MUST include the following attributes "schemas" and MAY include the following attributes "externalId", "active", "agenticApplicationId", "description", "displayName", "entitlements", "oAuthClientIdentifiers", "owners", "roles". In response, a SCIM server signals successful creation with an HTTP status code 201 (Created) and returns a representation of the resource created. The response MUST include the following attributes "id", and "meta". In addition, if the request included the "oAuthClientIdentifiers" attribute, then values of the "issuer", "name" and "subject" sub-attributes MUST be included by the SCIM client in each attribute value, and the response MUST include the "oAuthClientIdentifiers" attribute.

Agentic Identity Retrieval A SCIM client can retrieve an agentic identity resource using the patterns shown in section 3.4.

Agentic Identity Updates An agentic identity resource's attributes can be modified by a SCIM client using the patterns shown in section 3.5. If the "oAuthClientIdentifiers" attribute is supplied by a SCIM client in a PUT or PATCH request to update an AgenticIdentity, then values of the "issuer", "name" and "subject" sub-attributes MUST be included by the SCIM client in each attribute value.

Update Group Membership of an Agentic Identity A group membership of an agentic identity can be changed by a SCIM client updating the "members" of the group to add, remove or replace the agentic identity as one of the values. The following is an example representation of a PATCH request for a group to add an agentic identity as a member, showing the basic JSON structure (non-normative):

Agentic Identity Deletion A SCIM client can retrieve an agentic identity resource using the patterns shown in section 3.6.

Security Considerations SCIM data is intended to be exchanged using the SCIM protocol. It is important when handling data to implement the security considerations outlined in Section 7 of . When the agentic identity is intended to be used in subsequent OAuth interactions, the guidance from section 10 of also applies, and when it is intended to be used with OAuth token exchange interactions, the guidance from section 5 of also applies.

Privacy The text of this privacy section is derived from the corresponding privacy section of . Information should be shared on an as-needed basis. A SCIM client should limit information to what it believes a SCIM server requires, and a SCIM server should only accept information it needs. Clients and servers should take into consideration that sensitive information is being conveyed across technical (e.g., protocol and applications), administrative (e.g., organizational, corporate), and jurisdictional boundaries. In particular, information security and privacy must be considered. Security service level agreements for the handling of these attributes are beyond the scope of this document but are to be carefully considered by implementers and deploying organizations. Please see the Privacy Considerations section of for more protocol-specific considerations regarding the handling of SCIM information.

IANA Considerations

New Schema When published as an RFC, the IANA is requested to add the following to the "SCIM Schema URIs for Data Resources" established in : SCIM Schema URI for Agentic Identity

Schema URI	Name	Reference
urn:ietf:params:scim:schemas:core: 2.0:AgenticIdentity	Agentic Identity Resource	This memo, section 3

References Normative References In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. The System for Cross-domain Identity Management (SCIM) specifications are designed to make identity management in cloud-based applications and services easier. The specification suite builds upon experience with existing schemas and deployments, placing specific emphasis on simplicity of development and integration, while applying existing authentication, authorization, and privacy models. Its intent is to reduce the cost and complexity of user management operations by providing a common user schema and extension model as well as binding documents to provide patterns for exchanging this schema using HTTP. This document provides a platform-neutral schema and extension model for representing users and groups and other resource types in JSON format. This schema is intended for exchange and use with cloud service providers. The System for Cross-domain Identity Management (SCIM) specification is an HTTP-based protocol that makes managing identities in multi-domain scenarios easier to support via a standardized service. Examples include, but are not limited to, enterprise-to-cloud service providers and inter-cloud scenarios. The specification suite seeks to build upon experience with existing schemas and deployments, placing specific emphasis on simplicity of development and integration, while applying existing authentication, authorization, and privacy models. SCIM's intent is to reduce the cost and complexity of user management operations by providing a common user schema, an extension model, and a service protocol defined by this document. The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. This specification replaces and obsoletes the OAuth 1.0 protocol described in RFC 5849. [STANDARDS-TRACK] JavaScript Object Notation (JSON) is a lightweight, text-based, language-independent data interchange format. It was derived from the ECMAScript Programming Language Standard. JSON defines a small set of formatting rules for the portable representation of structured data. This document removes inconsistencies with other specifications of JSON, repairs specification errors, and offers experience-based interoperability guidance. JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted. RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. Informative References This specification defines a protocol for an HTTP- and JSON-based Security Token Service (STS) by defining how to request and obtain security tokens from OAuth 2.0 authorization servers, including security tokens employing impersonation and delegation.

Changes From Earlier Versions

• Changes in -01: Added missing page header and table labels; no protocol or data model changes.
• -00: Initial revision.

Acknowledgments The editor would like to acknowledge the contribution and work of the authors of the SCIM RFCs and and of other SCIM Internet-Drafts, the participants of the IETF SCIM WG, and the SCIM Community.