scim                                                     B. Greevenbosch
Internet-Draft                                       Huawei Technologies
Intended status: Standards Track                       February 12, 2014
Expires: August 16, 2014


                         SCIM and vCard mapping
                draft-greevenbosch-scim-vcard-mapping-03

Abstract

   This document defines a mapping between SCIM and vCard.

Note

   Discussion and suggestions for improvement are requested, and should
   be sent to scim@ietf.org.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 16, 2014.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Requirements notation
   3.  Mapping from SCIM to vCard
     3.1.  Mapping of SCIM attributes to vCard properties
     3.2.  Mapping of SCIM attributes to vCard parameters
   4.  Mapping from vCard properties to SCIM attributes
     4.1.  Mapping of vCard properties
     4.2.  Mapping of vCard parameters
   5.  Mapping between SCIM and vCard IDs
   6.  Differences between vCard and SCIM
   7.  Examples
     7.1.  Mapping from SCIM to vCard
     7.2.  Mapping from vCard to SCIM
   8.  Open issues
   9.  IANA Considerations
   10. Security Considerations
   11. Acknowledgements
   12. References
     12.1.  Normative References
     12.2.  Informative References
   Author's Address

1.  Introduction

   The SCIM core schema [I-D.ietf-scim-core-schema] defines a platform
   neutral data and extension model for representing users of cloud
   services.  SCIM core also defines XML and JSON serialisations of the
   abstract schema.

   This document defines a mapping between SCIM and vCard [RFC6350].
   The mapping may serve several purposes:

   o  To provide a unified conversion mechanism between SCIM and vCard.

   o  To identify properties that are defined in vCard, but are missing
      in SCIM.

   o  To identify SCIM attributes that may be useful in vCard too.

2.  Requirements notation

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3.  Mapping from SCIM to vCard

   When SCIM attributes are mapped to vCard, they are mapped either to
   vCard properties or to vCard parameters associated with vCard
   properties.  Section 3.1 defines the mappings to vCard properties,
   whereas Section 3.2 defines the mappings to vCard parameters.

   In addition, in accordance with [RFC6350], the vCard representation
   MUST include the mandatory fields:

   o  VERSION

   o  FN

3.1.  Mapping of SCIM attributes to vCard properties

   Table 1 describes a mapping from SCIM attributes to the vCard
   properties.

   In the table, the cardinality of the SCIM attribute is prefixed by an
   "S", whereas the cardinality of the vCard property is prefixed by a
   "v".  The further notation has been adopted from [RFC6350] as
   follows:

   +-------------+----------------------------------------+
   | 1           | Exactly one instance MUST be present.  |
   | *1          | Exactly one instance MAY be present.   |
   | 1*          | One or more instances MUST be present. |
   | *           | One or more instances MAY be present.  |
   +-------------+----------------------------------------+

   SCIM fields that have no vCard equivalent MUST be omitted in the
   vCard result.

   The reverse mapping from vCard to SCIM is defined in Section 4.  The
   reason for having two tables is that some mappings are not
   invertible.

+------------------------------+-------------------------+-------------+---------------------------------------+
| SCIM attribute               | vCard property          | Cardinality | Notes                                 |
+------------------------------+-------------------------+-------------+---------------------------------------+
| id                           | UID                     | S1 v*1      | See Section 5 for conversion from     |
|                              |                         |             | SCIM id space to vCard UID space.     |
| externalId                   |                         | S*1         |                                       |
| meta/created                 |                         | S*1         |                                       |
| meta/lastModified            | REV                     | S*1 v*1     |                                       |
| meta/location                |                         | S*1         | No direct vCard equivalent.           |
|                              |                         |             | Candidates could be SOURCE and        |
|                              |                         |             | ORG-DIRECTORY.                        |
| meta/version                 |                         | S*1         |                                       |
| meta/attributes              |                         | S*1         |                                       |
| userName                     |                         | S1          |                                       |
| name/formatted               | FN                      | S*1 v1*     |                                       |
| name/familyName              | N (family names)        | S*1 v*1     | Combined with other name attributes   |
|                              |                         |             | in a single N element.                |
| name/givenName               | N (given names)         | S*1 v*1     | Combined with other name attributes   |
|                              |                         |             | in a single N element.                |
| name/middleName              | N (additional names)    | S*1 v*1     |                                       |
| name/honorificPrefix         | N (honorific prefixes)  | S*1 v*1     | Combined with other name attributes   |
|                              |                         |             | in a single N element.                |
| name/honorificSuffix         | N (honorific suffixes)  | S*1 v*1     | Combined with other name attributes   |
|                              |                         |             | in a single N element.                |
| displayName                  |                         | S*1         |                                       |
| nickName                     | NICKNAME                | S*1 v*      |                                       |
| profileUrl                   | URL                     | S*1 v*      | Multiple fields in SCIM better?       |
| emails                       | EMAIL                   | S* v*       | See Table 2 for the conversion of a   |
|                              |                         |             | possible "type" attribute.            |
| phoneNumbers (type="work")   | TEL (TYPE="voice,work") | S* v*       |                                       |
| phoneNumbers (type="home")   | TEL (TYPE="voice,home") | S* v*       |                                       |
| phoneNumbers (type="mobile") | TEL (TYPE="voice,cell") | S* v*       |                                       |
| phoneNumbers (type="fax")    | TEL (TYPE="fax")        | S* v*       |                                       |
| phoneNumbers (type="pager")  | TEL (TYPE="pager")      | S* v*       |                                       |
| phoneNumbers (type="other")  | TEL (no TYPE)           | S* v*       |                                       |
| phoneNumbers (no type)       | TEL (no TYPE)           | S* v*       |                                       |
| ims                          | IMPP                    | S* v*       |                                       |
| photos                       | PHOTO                   | S* v*       | URL of a web location where the photo |
|                              |                         |             | can be retrieved.                     |
| addresses                    | ADR                     | S* v*       | See [RFC6350] for the internal coding |
|                              |                         |             | of the ADR property.                  |
| addresses/formatted          | ADR (LABEL)             | S* v*       |                                       |
| addresses/streetAddress      | ADR (street address)    | S* v*       | Combined with other address           |
|                              |                         |             | attributes into a single ADR element. |
| addresses/locality           | ADR (locality)          | S* v*       | Combined with other address           |
|                              |                         |             | attributes into a single ADR element. |
| addresses/region             | ADR (region)            | S* v*       | Combined with other address           |
|                              |                         |             | attributes into a single ADR element. |
| addresses/postalCode         | ADR (postal code)       | S* v*       | Combined with other address           |
|                              |                         |             | attributes into a single ADR element. |
| addresses/country            | ADR (country)           | S* v*       | Combined with other address           |
|                              |                         |             | attributes into a single ADR element. |
| groups/value                 |                         | S*          | ID of the group                       |
| groups/$ref                  |                         | S*          | URI of the group                      |
| entitlements                 |                         | S*          | Hard to map as it is proprietary by   |
|                              |                         |             | nature.                               |
| roles                        | ROLE                    | S* v*       | Consider distinction with the         |
|                              |                         |             | "userType" attribute.                 |
| x509Certificates             | KEY                     | S* v*       | Care is required: keys may not have   |
|                              |                         |             | the same usage.                       |
| employeeNumber               |                         | S*1         |                                       |
| title                        | TITLE                   | S*1 v*      |                                       |
| userType                     | ROLE                    | S*1 v*      | Consider distinction with the "roles" |
|                              |                         |             | attribute.                            |
| preferredLanguage            | LANG                    | S*1 v*      | Language tag according to [RFC5646].  |
| locale                       |                         | S*1         |                                       |
| timezone                     | TZ                      | S*1 v*      |                                       |
| active                       |                         | S*1         |                                       |
| password                     |                         | S*1         |                                       |
| costCenter                   |                         | S*1         |                                       |
| organization                 | ORG                     | S*1 v*      | Use the hierarchical order defined in |
|                              |                         |             | vCard.                                |
| division                     | ORG                     | S*1 v*      | Use the hierarchical order defined in |
|                              |                         |             | vCard.                                |
| department                   | ORG                     | S*1 v*      | Use the hierarchical order defined in |
|                              |                         |             | vCard.                                |
| manager/managerId            |                         | S*1         | SCIM specific ID, related to "id"     |
|                              |                         |             | attribute. The vCard RELATED property |
|                              |                         |             | could be used, but a TYPE "manager"   |
|                              |                         |             | may need definition. In SCIM,         |
|                              |                         |             | "managerID" is mandatory if "manager" |
|                              |                         |             | is included.                          |
| manager/$ref                 |                         | S*1         | The URI of the SCIM resource          |
|                              |                         |             | representing the User's manager.      |
| manager/displayName          |                         | S*1         | This field is optional in SCIM, also  |
|                              |                         |             | when "manager" is included.           |
| members/$ref                 | MEMBER                  | S* v*       | Contains the URIs of the SCIM         |
|                              |                         |             | resources associated with the members |
|                              |                         |             | of the group.                         |
| members/id                   | MEMBER                  | S* v*       | Contains the IDs of the SCIM          |
|                              |                         |             | resources associated with the members |
|                              |                         |             | of the group.                         |
+------------------------------+-------------------------+-------------+---------------------------------------+

                     Table 1: SCIM to vCard mapping

3.2.  Mapping of SCIM attributes to vCard parameters

   In addition to vCard properties, SCIM attributes may also need to be
   converted to vCard parameters.  Table 2 contains the related
   mappings.

+----------------+------------+-----------------+-------------+-------------------------------------------+
| SCIM attribute | SCIM value | vCard parameter | vCard value | Notes                                     |
+----------------+------------+-----------------+-------------+-------------------------------------------+
| type           | home       | TYPE            | home        | May be combined with other types in vCard |
| type           | work       | TYPE            | work        | May be combined with other types in vCard |
| type           | mobile     | TYPE            | cell        | May be combined with other types in vCard |
| type           | fax        | TYPE            | fax         | May be combined with other types in vCard |
| type           | pager      | TYPE            | pager       | May be combined with other types in vCard |
| type           | other      |                 |             | Omitted in vCard                          |
| type           | aim        | TYPE            | x-aim       | Only for "ims"                            |
| type           | gtalk      | TYPE            | x-gtalk     | Only for "ims"                            |
| type           | icq        | TYPE            | x-icq       | Only for "ims"                            |
| type           | xmpp       | TYPE            | x-xmpp      | Only for "ims"                            |
| type           | msn        | TYPE            | x-msn       | Only for "ims"                            |
| type           | skype      | TYPE            | x-skype     | Only for "ims"                            |
| type           | qq         | TYPE            | x-qq        | Only for "ims"                            |
| type           | yahoo      | TYPE            | x-yahoo     | Only for "ims"                            |
| type           | photo      |                 |             | Only for "photo", vCard parameter can     |
|                |            |                 |             | be omitted.                               |
| type           | thumbnail  | TYPE            | x-thumbnail | Only for "thumbnail"                      |
| primary        | true       | PREF            | 1           |                                           |
| primary        | false      |                 |             | Omitted in vCard.                         |
+----------------+------------+-----------------+-------------+-------------------------------------------+

         Table 2: Mapping of SCIM attributes to vCard parameters

4.  Mapping from vCard properties to SCIM attributes

4.1.  Mapping of vCard properties

   Table 3 describes a mapping from vCard properties to SCIM attributes.
   For the cardinalities, the same notation from Section 3 is used.

   Notice that the attributes "id" and "userName" are mandatory in a
   SCIM representation, whereas they may not be available in the vCard.
   It is left to the application to generate sensible values for these
   fields.

+------------------------+----------------------------+---------------+---------------------------------------+
| vCard property         | SCIM attribute             | Cardinality   | Notes                                 |
|                        |                            | in vCard/SCIM |                                       |
+------------------------+----------------------------+---------------+---------------------------------------+
| SOURCE                 |                            | v*            | Similar to SCIM meta/location.        |
| KIND                   |                            | v*1           | In vCard can have the values          |
|                        |                            |               | "individual", "group", "org" and      |
|                        |                            |               | "location". The value "application"   |
|                        |                            |               | was added by [RFC6473].               |
| XML                    |                            | v*            | Purpose: to include extended          |
|                        |                            |               | XML-encoded vCard data in a plain     |
|                        |                            |               | vCard.                                |
| FN                     | name/formatted             | v1* S*1       |                                       |
| N (family names)       | name/familyName            | v*1 S*1       |                                       |
| N (given names)        | name/givenName             | v*1 S*1       |                                       |
| N (additional names)   | name/middleName            | v*1 S*1       |                                       |
| N (honorific prefixes) | name/honorificPrefix       | v*1 S*1       |                                       |
| N (honorific suffixes) | name/honorificSuffix       | v*1 S*1       |                                       |
| NICKNAME               | nickName                   | v* S*1        |                                       |
| PHOTO                  | photos                     | v* S*         | URL of a web location where the photo |
|                        |                            |               | can be retrieved.                     |
| BDAY                   |                            | v*1           |                                       |
| ANNIVERSARY            |                            | v*1           |                                       |
| GENDER                 |                            | v*1           | Can have the values "M"ale, "F"emale, |
|                        |                            |               | "O"ther, "N"one or not applicable or  |
|                        |                            |               | "U"nknown.                            |
| ADR (LABEL)            | addresses/formatted        | v* S*         |                                       |
| ADR (post office box)  | addresses/streetAddress    | v* S*         |                                       |
| ADR (extended address) |                            | v*            |                                       |
| ADR (street address)   | addresses/streetAddress    | v* S*         |                                       |
| ADR (locality)         | addresses/locality         | v* S*         |                                       |
| ADR (region)           | addresses/region           | v* S*         |                                       |
| ADR (postal code)      | addresses/postalCode       | v* S*         |                                       |
| ADR (country)          | addresses/country          | v* S*         |                                       |
| TEL (TYPE="textphone") | phoneNumbers, type="other" | v* S*         | See Table 4 for related type mapping. |
| EMAIL                  | emails                     | v* S*         | Can have TYPE="work", TYPE="home".    |
| IMPP                   | ims                        | v* S*         |                                       |
| LANG                   | preferredLanguage          | v* S*1        |                                       |
| TZ                     | timezone                   | v* S*1        |                                       |
| GEO                    |                            | v*            | GPS coordinates                       |
| TITLE                  | title                      | v* S*1        |                                       |
| ROLE                   | roles                      | v* S*1        |                                       |
| LOGO                   |                            | v*            |                                       |
| ORG                    | organization               | v* S*1        |                                       |
| MEMBER                 | members/id                 | v* S*         | Contains a vCard ID of a member of    |
|                        |                            |               | this group. The vCard MUST have       |
|                        |                            |               | KIND="group". ID must be converted.   |
| RELATED                |                            | v*            | Contains a vCard ID of another        |
|                        |                            |               | related vCard. Can have many TYPE     |
|                        |                            |               | values, such as "friend", "neighbor"  |
|                        |                            |               | and "spouse".                         |
| CATEGORIES             |                            | v*            | Contains not necessarily unified      |
|                        |                            |               | tags.                                 |
| NOTE                   |                            | v*            | Any text.                             |
| PRODID                 |                            | v*1           | ID for producer of vCard.             |
| REV                    |                            | v*1           | Purpose: to specify revision          |
|                        |                            |               | information about the current vCard.  |
| SOUND                  |                            | v*            |                                       |
| UID                    | externalId                 | v*1 S*1       | See Section 5 for conversion from     |
|                        |                            |               | vCard UID space to SCIM id space.     |
| CLIENTPIDMAP           |                            | v*            | Link between local PID and global     |
|                        |                            |               | URI.                                  |
| URL                    | profileUrl                 | v* S*1        |                                       |
| VERSION                |                            | v1            | Version of vCard specification.       |
| KEY                    | x509Certificates?          | v* S*         | Care is required: keys may not have   |
|                        |                            |               | the same usage.                       |
| FBURL                  |                            | v*            | Purpose: to specify the URI for the   |
|                        |                            |               | busy time associated with the object  |
|                        |                            |               | that the vCard represents.            |
| CALADRURI              |                            | v*            | Purpose: to specify the calendar user |
|                        |                            |               | address to which a scheduling request |
|                        |                            |               | should be sent for the object         |
|                        |                            |               | represented by the vCard.             |
| CALURI                 |                            | v*            | Purpose: to specify the URI for a     |
|                        |                            |               | calendar associated with the object   |
|                        |                            |               | represented by the vCard.             |
| BIRTHPLACE             |                            | v*1           | Defined in [RFC6474].                 |
| DEATHDATE              |                            | v*1           | Defined in [RFC6474].                 |
| DEATHPLACE             |                            | v*1           | Defined in [RFC6474].                 |
| EXPERTISE              |                            | v*            | Defined in [RFC6715].                 |
| HOBBY                  |                            | v*            | Defined in [RFC6715].                 |
| INTEREST               |                            | v*            | Defined in [RFC6715].                 |
| ORG-DIRECTORY          |                            | v*            | Defined in [RFC6715].                 |
+------------------------+----------------------------+---------------+---------------------------------------+

                     Table 3: vCard to SCIM mapping

4.2.  Mapping of vCard parameters

   Table 4 describes how vCard parameters are mapped to SCIM.

   +-----------------+-----------------------+---------------------+-----------------+
   | vCard parameter | vCard parameter value | SCIM representation | Notes           |
   +-----------------+-----------------------+---------------------+-----------------+
   | TYPE            | cell                  | "type": "mobile"    |                 |
   | TYPE            | fax                   | "type": "fax"       |                 |
   | TYPE            | pager                 | "type": "pager"     |                 |
   | TYPE            | text                  | "type": "other"     |                 |
   | TYPE            | textphone             | "type": "other"     |                 |
   | TYPE            | video                 | "type": "video"     |                 |
   | TYPE            | voice                 |                     | Omitted in SCIM |
   +-----------------+-----------------------+---------------------+-----------------+

                  Table 4: Mapping of vCard parameters

5.  Mapping between SCIM and vCard IDs

   A SCIM specific prefix could be used to indicate the conversion from
   SCIM IDs to vCard UIDs.  A "Service Provider" specific part would
   need to be included in the vCard UID, as the SCIM ID is unique within
   the Service Provider's space only.  The following format is proposed:

      UID:scim:[serviceProviderID]:123456789

   Conversion from vCard to SCIM may be done similarly, i.e. by adding a
   prefix to the vCard UID.
   The SCIM schema document states for the SCIM ID: "This identifier
   MUST be unique across the Service Provider's entire set of
   Resources", so as long as the vCard UID is indeed globally unique,
   and the service provider uses the prefix for vCard-acquired resources
   only, the rule should hold.

   Notice that the above mechanism allows looping.  For example,
   converting SCIM -> vCard -> SCIM would lead to a different SCIM ID in
   the second representation than in the first.  This reflects the
   possible loss of information in the conversion process.  It is
   RECOMMENDED to avoid this kind of chained conversion.

   Because of the format of the vCard UID after conversion from SCIM,
   the SCIM service provider can detect the above-mentioned chained
   conversion, as well as the original vCard ID.  The actions the
   service provider may take upon such detection may for example include
   using the original SCIM data instead, or using smarter mapping by
   analysing the original and the new import.  Mechanisms of this kind
   are out of scope of this document.

6.  Differences between vCard and SCIM

   This section contains a non-exhaustive list of differences between
   vCard and SCIM.

   o  In vCard, a group property can be established.  This property
      contains the IDs of its members.  In SCIM however, the group/
      membership relation can be signalled in two directions: just like
      vCard the group object can signal its members through the
      "members" attribute, but the member objects can also point to the
      groups they are part of, through the "groups" attribute.

   o  In SCIM, relations between objects can be established either
      through their IDs or through their URIs.  vCard only uses IDs to
      signal relationships between entities.

7.  Examples

7.1.  Mapping from SCIM to vCard

   Figure 2 contains the result after converting the SCIM data from
   Figure 1 to vCard.
   Notice that the following fields have been omitted during conversion:

   o  userName

   o  locale

   o  active

   o  password

   o  groups

   o  meta fields except for "lastModified"

   {
     "schemas": ["urn:scim:schemas:core:2.0:User"],
     "id": "2819c223-7f76-453a-919d-413861904646",
     "externalId": "701984",
     "userName": "bjensen@example.com",
     "name": {
       "formatted": "Ms. Barbara J Jensen III",
       "familyName": "Jensen",
       "givenName": "Barbara",
       "middleName": "Jane",
       "honorificPrefix": "Ms.",
       "honorificSuffix": "III"
     },
     "displayName": "Babs Jensen",
     "nickName": "Babs",
     "profileUrl": "https://login.example.com/bjensen",
     "emails": [
       {
         "value": "bjensen@example.com",
         "type": "work",
         "primary": true
       },
       {
         "value": "babs@jensen.org",
         "type": "home"
       }
     ],
     "addresses": [
       {
         "type": "work",
         "streetAddress": "100 Universal City Plaza",
         "locality": "Hollywood",
         "region": "CA",
         "postalCode": "91608",
         "country": "USA",
         "formatted":
           "100 Universal City Plaza\nHollywood, CA 91608 USA",
         "primary": true
       },
       {
         "type": "home",
         "streetAddress": "456 Hollywood Blvd",
         "locality": "Hollywood",
         "region": "CA",
         "postalCode": "91608",
         "country": "USA",
         "formatted": "456 Hollywood Blvd\nHollywood, CA 91608 USA"
       }
     ],
     "phoneNumbers": [
       {
         "value": "555-555-5555",
         "type": "work"
       },
       {
         "value": "555-555-4444",
         "type": "mobile"
       }
     ],
     "ims": [
       {
         "value": "someaimhandle",
         "type": "aim"
       }
     ],
     "photos": [
       {
         "value":
           "https://photos.example.com/profilephoto/72930000000Ccne/F",
         "type": "photo"
       },
       {
         "value":
           "https://photos.example.com/profilephoto/72930000000Ccne/T",
         "type": "thumbnail"
       }
     ],
     "userType": "Employee",
     "title": "Tour Guide",
     "preferredLanguage": "en_US",
     "locale": "en_US",
     "timezone": "America/Los_Angeles",
     "active": true,
     "password": "t1meMa$heen",
     "groups": [
       {
         "value": "e9e30dba-f08f-4109-8486-d5c6a331660a",
         "$ref":
   "https://example.com/v1/Groups/e9e30dba-f08f-4109-8486-d5c6a331660a",
         "display": "Tour Guides"
       },
       {
         "value": "fc348aa8-3835-40eb-a20b-c726e15c55b5",
         "$ref":
   "https://example.com/v1/Groups/fc348aa8-3835-40eb-a20b-c726e15c55b5",
         "display": "Employees"
       },
       {
         "value": "71ddacd2-a8e7-49b8-a5db-ae50d0a5bfd7",
         "$ref":
   "https://example.com/v1/Groups/71ddacd2-a8e7-49b8-a5db-ae50d0a5bfd7",
         "display": "US Employees"
       }
     ],
     "x509Certificates": [
       {
         "value":
          "MIIDQzCCAqygAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwTjELMAkGA1UEBhMCVVMx
           EzARBgNVBAgMCkNhbGlmb3JuaWExFDASBgNVBAoMC2V4YW1wbGUuY29tMRQwEgYD
           VQQDDAtleGFtcGxlLmNvbTAeFw0xMTEwMjIwNjI0MzFaFw0xMjEwMDQwNjI0MzFa
           MH8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQKDAtl
           eGFtcGxlLmNvbTEhMB8GA1UEAwwYTXMuIEJhcmJhcmEgSiBKZW5zZW4gSUlJMSIw
           IAYJKoZIhvcNAQkBFhNiamVuc2VuQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0B
           AQEFAAOCAQ8AMIIBCgKCAQEA7Kr+Dcds/JQ5GwejJFcBIP682X3xpjis56AK02bc
           1FLgzdLI8auoR+cC9/Vrh5t66HkQIOdA4unHh0AaZ4xL5PhVbXIPMB5vAPKpzz5i
           PSi8xO8SL7I7SDhcBVJhqVqr3HgllEG6UClDdHO7nkLuwXq8HcISKkbT5WFTVfFZ
           zidPl8HZ7DhXkZIRtJwBweq4bvm3hM1Os7UQH05ZS6cVDgweKNwdLLrT51ikSQG3
           DYrl+ft781UQRIqxgwqCfXEuDiinPh0kkvIi5jivVu1Z9QiwlYEdRbLJ4zJQBmDr
           SGTMYn4lRc2HgHO4DqB/bnMVorHB0CC6AV1QoFK4GPe1LwIDAQABo3sweTAJBgNV
           HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp
           Y2F0ZTAdBgNVHQ4EFgQU8pD0U0vsZIsaA16lL8En8bx0F/gwHwYDVR0jBBgwFoAU
           dGeKitcaF7gnzsNwDx708kqaVt0wDQYJKoZIhvcNAQEFBQADgYEAA81SsFnOdYJt
           Ng5Tcq+/ByEDrBgnusx0jloUhByPMEVkoMZ3J7j1ZgI8rAbOkNngX8+pKfTiDz1R
           C4+dx8oU6Za+4NJXUjlL5CvV6BEYb1+QAEJwitTVvxB/A67g42/vzgAtoRUeDov1
           +GFiBZ+GNF/cAYKcMtGcrs2i97ZkJMo="
       }
     ],
     "meta": {
       "resourceType": "User",
       "created": "2010-01-23T04:56:22Z",
       "lastModified": "2011-05-13T04:42:34Z",
       "version": "W\/\"a330bc54f0671c9\"",
       "location":
   "https://example.com/v1/Users/2819c223-7f76-453a-919d-413861904646"
     }
   }

                      Figure 1: Original SCIM data

   BEGIN:VCARD
   VERSION:4.0
   UID:"scim:provider.example:org:2819c223-7f76-453a-919d-413861904646"
   FN:Ms. Barbara J Jensen III
   N:Jensen;Barbara;Jane;Ms.;III
   NICKNAME:Babs
   URL:"https://login.example.com/bjensen"
   EMAIL;TYPE=work;PREF=1:bjensen@example.com
   EMAIL;TYPE=home:babs@jensen.org
   ADR;LABEL="100 Universal City Plaza\nHollywood, CA 91608 USA";TYPE=work
    :;;100 Universal City Plaza;Hollywood;CA;91608;USA
   ADR;LABEL="456 Hollywood Blvd\nHollywood, CA 91608 USA";type=home
    :;;456 Hollywood Blvd;Hollywood;CA;91608;USA
   TEL;TYPE=voice,work:555-555-5555
   TEL;TYPE=cell:555-555-4444
   IMPP;TYPE=x-aim:someaimhandle
   PHOTO:"https://photos.example.com/profilephoto/72930000000Ccne/F"
   PHOTO;TYPE=x-thumbnail:"https://photos.example.com/profilephoto/7293000
    0000Ccne/T"
   ROLE:Employee
   TITLE:Tour Guide
   LANG:en-US
   TZ:America/Los_Angeles
   KEY:MIIDQzCCAqygAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwTjELMAkGA1UEBhMCVVMx
    EzARBgNVBAgMCkNhbGlmb3JuaWExFDASBgNVBAoMC2V4YW1wbGUuY29tMRQwEgYD
    VQQDDAtleGFtcGxlLmNvbTAeFw0xMTEwMjIwNjI0MzFaFw0xMjEwMDQwNjI0MzFa
    MH8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQKDAtl
    eGFtcGxlLmNvbTEhMB8GA1UEAwwYTXMuIEJhcmJhcmEgSiBKZW5zZW4gSUlJMSIw
    IAYJKoZIhvcNAQkBFhNiamVuc2VuQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0B
    AQEFAAOCAQ8AMIIBCgKCAQEA7Kr+Dcds/JQ5GwejJFcBIP682X3xpjis56AK02bc
    1FLgzdLI8auoR+cC9/Vrh5t66HkQIOdA4unHh0AaZ4xL5PhVbXIPMB5vAPKpzz5i
    PSi8xO8SL7I7SDhcBVJhqVqr3HgllEG6UClDdHO7nkLuwXq8HcISKkbT5WFTVfFZ
    zidPl8HZ7DhXkZIRtJwBweq4bvm3hM1Os7UQH05ZS6cVDgweKNwdLLrT51ikSQG3
    DYrl+ft781UQRIqxgwqCfXEuDiinPh0kkvIi5jivVu1Z9QiwlYEdRbLJ4zJQBmDr
    SGTMYn4lRc2HgHO4DqB/bnMVorHB0CC6AV1QoFK4GPe1LwIDAQABo3sweTAJBgNV
    HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp
    Y2F0ZTAdBgNVHQ4EFgQU8pD0U0vsZIsaA16lL8En8bx0F/gwHwYDVR0jBBgwFoAU
    dGeKitcaF7gnzsNwDx708kqaVt0wDQYJKoZIhvcNAQEFBQADgYEAA81SsFnOdYJt
    Ng5Tcq+/ByEDrBgnusx0jloUhByPMEVkoMZ3J7j1ZgI8rAbOkNngX8+pKfTiDz1R
    C4+dx8oU6Za+4NJXUjlL5CvV6BEYb1+QAEJwitTVvxB/A67g42/vzgAtoRUeDov1
    +GFiBZ+GNF/cAYKcMtGcrs2i97ZkJMo=
   REV:"2011-05-13T04:42:34Z"
   END:VCARD

                   Figure 2: After conversion to vCard

7.2.  Mapping from vCard to SCIM

   Figure 4 contains the result after converting the vCard data from
   Figure 3 to SCIM.

   The following vCard properties have been omitted in the SCIM
   representation:

   o  GENDER

   o  BDAY

   The mandatory "id" and "userName" attributes have been added to the
   SCIM representation, although they have not been defined in the
   vCard.

   BEGIN:VCARD
   VERSION:4.0
   FN:Vincent van Gogh
   N:van Gogh;Vincent;;;
   GENDER:M
   BDAY:18530330
   ROLE;LANGUAGE="en":painter
   LANG;PREF=1:nl
   LANG;PREF=2:fr
   ADR;LABEL="Vincent van Gogh\n54 Rue Lepic\n75018 Paris\nFrance";LANGUAG
    E="fr";TYPE=home:;3th floor;54 Rue Lepic;Paris;;75018;France
   TEL;TYPE="work,voice";PREF=1:+33-1-123456
   TEL;TYPE="home,voice";PREF=2:+33-1-654321
   EMAIL;TYPE=home:vangogh@example.com
   URL;TYPE=work:"http://www.vangogh.example.com"
   TZ:+0100
   END:VCARD

                     Figure 3: Original vCard data

   {
     "schemas": ["urn:scim:schemas:core:2.0:User"],
     "id": "xyz",
     "userName": "vangogh@example.com",
     "name": {
       "formatted": "Vincent van Gogh",
       "familyName": "van Gogh",
       "givenName": "Vincent"
     },
     "roles": [
       {
         "value": "painter"
       }
     ],
     "preferredLanguage": "nl",
     "addresses": [
       {
         "type": "home",
         "streetAddress": "54 Rue Lepic",
         "locality": "Paris",
         "postalCode": "75018",
         "country": "France",
         "formatted":
           "Vincent van Gogh\n54 Rue Lepic\n75018 Paris\nFrance"
       }
     ],
     "phoneNumbers": [
       {
         "value": "+33-1-123456",
         "type": "work"
       },
       {
         "value": "+33-1-654321",
         "type": "home"
       }
     ],
     "emails": [
       {
         "value": "vangogh@example.com",
         "type": "home"
       }
     ],
     "timezone": "+0100"
   }

                   Figure 4: After conversion to SCIM

8.  Open issues

   The following issues require further consideration:

   o  It may be feasible to leave out the conversion between SCIM ids
      and vCard UIDs, as they may be dependent on the particular
      application that is importing the information.

   o  It is unclear whether the SCIM ID can include alphanumeric
      characters or is restricted to numeric characters only.  The
      examples in [I-D.ietf-scim-core-schema] seem to indicate that they
      consist of hexadecimal numbers, with dashes at appropriate places.
      If this is the case, then the conversion from vCard UIDs to SCIM
      IDs would include conversion of alphanumeric characters to
      hexadecimal values.

   o  For SCIM fields that have no equivalent vCard attributes, vCard
      attributes of the form "x-..." could be defined.  Alternatively,
      vCard attributes could be defined and registered with IANA.

   o  The "id" and "userName" fields are mandatory in SCIM.  However, a
      vCard does not have to contain similar information.  Creating
      sensible values for these fields may be left to the SCIM
      application that is importing the vCard, or guidelines could be
      defined.

9.  IANA Considerations

   A "manager" TYPE for the RELATED vCard property may need
   registration.

10.  Security Considerations

   The mapping between vCard and SCIM may be useful for easily
   transferring data from one system to another.  However, it also has
   privacy implications.  Therefore, it is important that user consent
   is obtained where applicable.

   For this document, some decisions were made concerning the mapping
   between attributes and properties with similar, but not equal,
   semantics.  This was done in a best effort manner.  However, one
   should realise that some accuracy of the original data may be lost
   during the mapping process.

   Conversion from SCIM to vCard and subsequently back to SCIM, as well
   as conversion from vCard to SCIM and subsequently back to vCard,
   SHOULD be avoided.

11.  Acknowledgements

   Thanks to Kepeng Li for providing feedback and suggestions.

   Thanks to Paul Madsen and Phil Hunt for providing similar mapping
   drafts [draft-scim-saml2-binding] and [I-D.hunt-scim-directory],
   which have served as inspiration for this document.

   Michael Angstadt and Dany Cauchie provided valuable review comments.

12.  References

12.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC5646]  Phillips, A.
              and M. Davis, "Tags for Identifying Languages", BCP 47,
              RFC 5646, September 2009.

   [RFC6350]  Perreault, S., "vCard Format Specification", RFC 6350,
              August 2011.

   [RFC6473]  Saint-Andre, P., "vCard KIND:application", RFC 6473,
              December 2011.

   [RFC6474]  Li, K. and B. Leiba, "vCard Format Extensions: Place of
              Birth, Place and Date of Death", RFC 6474, December 2011.

   [RFC6715]  Cauchie, D., Leiba, B., and K. Li, "vCard Format
              Extensions: Representing vCard Extensions Defined by the
              Open Mobile Alliance (OMA) Converged Address Book (CAB)
              Group", RFC 6715, August 2012.

   [I-D.ietf-scim-core-schema]
              Mortimore, C., Harding, P., Madsen, P., and T. Drake,
              "System for Cross-Domain Identity Management: Core
              Schema", draft-ietf-scim-core-schema-02 (work in
              progress), August 2013.

12.2.  Informative References

   [I-D.hunt-scim-directory]
              Hunt, P., "SCIM Directory Services",
              draft-hunt-scim-directory-00 (work in progress),
              September 2012.

   [draft-scim-saml2-binding]
              Madsen, P., "SAML 2.0 Binding for SCIM",
              draft-scim-saml2-binding-02 (work in progress),
              April 2011.

Author's Address

   Bert Greevenbosch
   Huawei Technologies Co., Ltd.
   Huawei Industrial Base
   F1-8 Bantian, Longgang District
   Shenzhen 518129
   P.R. China

   Phone: +86-755-28979133
   Email: bert.greevenbosch@huawei.com