From d.moebius@tarent.de Tue Jan 7 04:37:55 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C5AFF1AE005 for ; Tue, 7 Jan 2014 04:37:55 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.078 X-Spam-Level: X-Spam-Status: No, score=-0.078 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EGkX0Ta0fq05 for ; Tue, 7 Jan 2014 04:37:54 -0800 (PST) Received: from mail-pa0-f72.google.com (mail-pa0-f72.google.com [209.85.220.72]) by ietfa.amsl.com (Postfix) with ESMTP id 0188A1ADFFF for ; Tue, 7 Jan 2014 04:37:53 -0800 (PST) Received: by mail-pa0-f72.google.com with SMTP id bj1so802715pad.7 for ; Tue, 07 Jan 2014 04:37:44 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:date:message-id:subject:from:to :content-type; bh=EH+SPCTyCicCboPGjQNbpe6tsiZunW1sXBWMYCunv34=; b=Vl7PC46ZoG5J0YPIROZ/H1IRjNC4qFEApnaEqf2/bIfJguuToPg+ElNH1PTex2xkrS /NMKP18jNOpArioW/N5x+wyiedI2nK0pAojBk3m/RW6VGWgVZFujgkSR0YGZFKC56f3n Eskf3MaA21oQCVf59sPP9za/MGCwnBEPPG4Qlm2BkOCiO769I/it0+fzCa8nlDdn0cI2 1WCLk2wqnOBgSUfMUDIMbLi9n57ETTVVRRPMnFDjPs5WzverdW+g6EO0H6x3SDbQdJpS Gt1Hyneoj50NSrE6s0Rp45Vjr0gbTKQ1pCgNiqHZNdqF71gaQLWT4q7zx7n7C55CoZ4+ oIkg== X-Gm-Message-State: ALoCoQnx4pCPtGuKpjdJWm2PR8cWX4QYGFByTOOgS6YgDzSX4JIZfOviKIVLXwwR36/jOAgjYZlL MIME-Version: 1.0 X-Received: by 10.66.175.4 with SMTP id bw4mr5001715pac.56.1389098264441; Tue, 07 Jan 2014 04:37:44 -0800 (PST) Received: by 10.66.67.41 with HTTP; Tue, 7 Jan 2014 04:37:44 -0800 (PST) Date: Tue, 7 Jan 2014 13:37:44 +0100 Message-ID: From: David Moebius To: scim@ietf.org Content-Type: multipart/alternative; boundary=047d7bea385a9c4b5704ef60a49b Subject: [scim] definition of Canonical Type's X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Jan 2014 12:37:56 -0000 --047d7bea385a9c4b5704ef60a49b Content-Type: text/plain; charset=ISO-8859-1 Hi to all and a happy new year :) We have a question to the Canonical Type's of the mutli valued attributes. Are the types descriped in http://tools.ietf.org/html/draft-ietf-scim-core-schema-02#section-6.2 the only types that are allowed or are these types the minimal set that has to be supported and service consumers can introduce new types? For example. By the Ims the types are aim, gtalk, icq, xmpp, msn, skype, qq, and yahoo. What if a user uses another Im. We don't even have the type "other". We would be happy for a quick answer. by David --047d7bea385a9c4b5704ef60a49b Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
Hi to all and a happy new year :)

We ha= ve a question to the Canonical Type's of the mutli valued attributes.

Are the types descriped in=A0http://tools.ie= tf.org/html/draft-ietf-scim-core-schema-02#section-6.2 the only types t= hat are allowed or are these types the minimal set that has to be supported= and service consumers can introduce new types?

For example. By the Ims the types are aim, gtalk, icq, = xmpp, msn, skype, qq, and yahoo.=A0
What if a user uses another I= m. We don't even have the type "other".

We would be happy for a quick answer.

by Davi= d
--047d7bea385a9c4b5704ef60a49b-- From kelly.grizzle@sailpoint.com Tue Jan 7 06:16:01 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BBF4A1AE072 for ; Tue, 7 Jan 2014 06:16:01 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.601 X-Spam-Level: X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XjvE7t-xRXfA for ; Tue, 7 Jan 2014 06:15:59 -0800 (PST) Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2lp0240.outbound.protection.outlook.com [207.46.163.240]) by ietfa.amsl.com (Postfix) with ESMTP id 50C2C1AE076 for ; Tue, 7 Jan 2014 06:15:59 -0800 (PST) Received: from BN1PR04MB392.namprd04.prod.outlook.com (10.141.60.151) by BN1PR04MB389.namprd04.prod.outlook.com (10.141.60.140) with Microsoft SMTP Server (TLS) id 15.0.842.7; Tue, 7 Jan 2014 14:15:48 +0000 Received: from BN1PR04MB392.namprd04.prod.outlook.com ([169.254.10.206]) by BN1PR04MB392.namprd04.prod.outlook.com ([169.254.10.206]) with mapi id 15.00.0842.003; Tue, 7 Jan 2014 14:15:48 +0000 From: Kelly Grizzle To: David Moebius , "scim@ietf.org" Thread-Topic: [scim] definition of Canonical Type's Thread-Index: AQHPC6VIuqTQAE7cakmxy5sAVte5Wpp5TiZg Date: Tue, 7 Jan 2014 14:15:48 +0000 Message-ID: <7b29f208ec4147dbabf0867257f992e2@BN1PR04MB392.namprd04.prod.outlook.com> References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-vipre-scanned: 03E35BD900626003E35D26 x-originating-ip: [72.182.10.254] x-forefront-prvs: 008421A8FF x-forefront-antispam-report: SFV:NSPM; SFS:(10009001)(52044002)(377454003)(199002)(189002)(76796001)(31966008)(47976001)(74316001)(49866001)(76576001)(33646001)(81686001)(81542001)(59766001)(65816001)(54316002)(16236675002)(81816001)(77982001)(76482001)(47446002)(80976001)(74876001)(76786001)(19300405004)(63696002)(66066001)(51856001)(80022001)(74502001)(74706001)(74662001)(19609705001)(85852003)(83072002)(79102001)(54356001)(56776001)(69226001)(74366001)(50986001)(53806001)(87936001)(81342001)(15202345003)(46102001)(87266001)(19580405001)(85306002)(15975445006)(77096001)(47736001)(2656002)(4396001)(90146001)(83322001)(19580395003)(56816005)(24736002); DIR:OUT; SFP:1101; SCL:1; SRVR:BN1PR04MB389; H:BN1PR04MB392.namprd04.prod.outlook.com; CLIP:72.182.10.254; FPR:; RD:InfoNoRecords; A:1; MX:1; LANG:en; Content-Type: multipart/alternative; boundary="_000_7b29f208ec4147dbabf0867257f992e2BN1PR04MB392namprd04pro_" MIME-Version: 1.0 X-OriginatorOrg: sailpoint.com Subject: Re: [scim] definition of Canonical Type's X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Jan 2014 14:16:02 -0000 --_000_7b29f208ec4147dbabf0867257f992e2BN1PR04MB392namprd04pro_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi David. Feel free to extend these. There is even a facility in the Sche= ma for a service provider to expose which canonical types it supports. See= the "canonicalValues" sub-attribute here - http://tools.ietf.org/html/draf= t-ietf-scim-core-schema-02#section-11. --Kelly From: scim [mailto:scim-bounces@ietf.org] On Behalf Of David Moebius Sent: Tuesday, January 07, 2014 6:38 AM To: scim@ietf.org Subject: [scim] definition of Canonical Type's Hi to all and a happy new year :) We have a question to the Canonical Type's of the mutli valued attributes. Are the types descriped in http://tools.ietf.org/html/draft-ietf-scim-core-= schema-02#section-6.2 the only types that are allowed or are these types th= e minimal set that has to be supported and service consumers can introduce = new types? For example. By the Ims the types are aim, gtalk, icq, xmpp, msn, skype, qq= , and yahoo. What if a user uses another Im. We don't even have the type "other". We would be happy for a quick answer. by David --_000_7b29f208ec4147dbabf0867257f992e2BN1PR04MB392namprd04pro_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hi David.  Feel free= to extend these.  There is even a facility in the Schema for a servic= e provider to expose which canonical types it supports.  See the ̶= 0;canonicalValues” sub-attribute here - http://tools.ietf.org/html/draft-ietf-scim-core-schema-02#section-11.

 <= /p>

--Kelly=

 <= /p>

 <= /p>

From: scim [ma= ilto:scim-bounces@ietf.org] On Behalf Of David Moebius
Sent: Tuesday, January 07, 2014 6:38 AM
To: scim@ietf.org
Subject: [scim] definition of Canonical Type's

 

Hi to all and a happy new year :)

 

We have a question to the Canonical Type's of the mu= tli valued attributes.

 

Are the types descriped in http://tools.= ietf.org/html/draft-ietf-scim-core-schema-02#section-6.2 the only types= that are allowed or are these types the minimal set that has to be supported and service consumers can introduce n= ew types?

 

For example. By the Ims the types are aim, gtalk, ic= q, xmpp, msn, skype, qq, and yahoo. 

What if a user uses another Im. We don't even have t= he type "other".

 

We would be happy for a quick answer.

 

by David

--_000_7b29f208ec4147dbabf0867257f992e2BN1PR04MB392namprd04pro_-- From d.moebius@tarent.de Tue Jan 7 07:00:04 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41BAD1ADEB5 for ; Tue, 7 Jan 2014 07:00:04 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.977 X-Spam-Level: X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ig10gySJ0BOU for ; Tue, 7 Jan 2014 07:00:02 -0800 (PST) Received: from mail-pa0-f71.google.com (mail-pa0-f71.google.com [209.85.220.71]) by ietfa.amsl.com (Postfix) with ESMTP id 3ECCF1AD8CD for ; Tue, 7 Jan 2014 07:00:02 -0800 (PST) Received: by mail-pa0-f71.google.com with SMTP id kp14so1230972pab.2 for ; Tue, 07 Jan 2014 06:59:53 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=S3Q0DGZ974dEDV+7+jvDoMJLda8RpulFOoXSFH3pe7I=; b=TU7RZPvccnS6lAesM3HuQ4FLHP8RVHGrTLXeJSfuW2LJ0vxilQZhPs+tu7p9fqpSJG O64GpFUApYbYB1GAtiSRaqWUDtQBGMDGm/f9XYTjoVltanB7ZG1NhgKSoq0fGcEDNae1 JEP2vfBhc363LFMwJAzuAz+LUTu8VObY+nC0y2lE+NZDDMtmMQTMubU8CqZTfQ7Ez+wg vTkP89CZGyxdAHboZ/XqYxCaodPU+BGcDof45CwqodSWP6JdaI25mvOjGLmlTQyhb+WV wpNGTveWD97yF/9cmFvVB6MGQ2XfvheO2Gul+3J6zHok22Ogn3ZJQPhhFEmBga+8wWwZ p6uA== X-Gm-Message-State: ALoCoQlOjxSfFZpiRdliYWL5XerHQV5Rf0mvOavWeVXJWFcxKOCjHY2vnurSAKEXM4VnmK3Ng2L1 MIME-Version: 1.0 X-Received: by 10.69.1.104 with SMTP id bf8mr18330388pbd.75.1389106793482; Tue, 07 Jan 2014 06:59:53 -0800 (PST) Received: by 10.66.67.41 with HTTP; Tue, 7 Jan 2014 06:59:53 -0800 (PST) In-Reply-To: <7b29f208ec4147dbabf0867257f992e2@BN1PR04MB392.namprd04.prod.outlook.com> References: <7b29f208ec4147dbabf0867257f992e2@BN1PR04MB392.namprd04.prod.outlook.com> Date: Tue, 7 Jan 2014 15:59:53 +0100 Message-ID: From: David Moebius To: Kelly Grizzle Content-Type: multipart/alternative; boundary=047d7b2e0c0ffb202b04ef62a09d Cc: "scim@ietf.org" Subject: Re: [scim] definition of Canonical Type's X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Jan 2014 15:00:04 -0000 --047d7b2e0c0ffb202b04ef62a09d Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable Hy Kelly. Thanks for the quick answer. We will follow you suggestion and provide all described values but also give the enduser the possibility to define his own types. by David 2014/1/7 Kelly Grizzle > Hi David. Feel free to extend these. There is even a facility in the > Schema for a service provider to expose which canonical types it supports= . > See the =93canonicalValues=94 sub-attribute here - > http://tools.ietf.org/html/draft-ietf-scim-core-schema-02#section-11. > > > > --Kelly > > > > > > *From:* scim [mailto:scim-bounces@ietf.org] *On Behalf Of *David Moebius > *Sent:* Tuesday, January 07, 2014 6:38 AM > *To:* scim@ietf.org > *Subject:* [scim] definition of Canonical Type's > > > > Hi to all and a happy new year :) > > > > We have a question to the Canonical Type's of the mutli valued attributes= . > > > > Are the types descriped in > http://tools.ietf.org/html/draft-ietf-scim-core-schema-02#section-6.2 the > only types that are allowed or are these types the minimal set that has t= o > be supported and service consumers can introduce new types? > > > > For example. By the Ims the types are aim, gtalk, icq, xmpp, msn, skype, > qq, and yahoo. > > What if a user uses another Im. We don't even have the type "other". > > > > We would be happy for a quick answer. > > > > by David > > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim > > --047d7b2e0c0ffb202b04ef62a09d Content-Type: text/html; charset=windows-1252 Content-Transfer-Encoding: quoted-printable
Hy Kelly.

Thanks for the quick answer.<= /div>
We will follow you suggestion and provide all described values bu= t also give the enduser the possibility to define his own types.

by David


2014/1/7 Kelly Grizzle <kelly.grizzle@sai= lpoint.com>

Hi David.=A0 Feel free to= extend these.=A0 There is even a facility in the Schema for a service prov= ider to expose which canonical types it supports.=A0 See the =93canonicalVa= lues=94 sub-attribute here - http://tools.ietf.org/html/draft-ietf-scim-core-schema-02#section-11.

=A0<= /p>

--Kelly

=A0<= /p>

=A0<= /p>

From: scim [ma= ilto:scim-bounce= s@ietf.org] On Behalf Of David Moebius
Sent: Tuesday, January 07, 2014 6:38 AM
To: scim@ietf.org=
Subject: [scim] definition of Canonical Type's

=A0

Hi to all and a happy new year :)

=A0

We have a question to the Canonical Type's of th= e mutli valued attributes.

=A0

Are the types descriped in=A0http://tools.ietf.org/html/draft-ietf-scim-core-schema-02#section-6.2= the only types that are allowed or are these types the minimal set that has to be supported and service consumers can introduce n= ew types?

=A0

For example. By the Ims the types are aim, gtalk, ic= q, xmpp, msn, skype, qq, and yahoo.=A0

What if a user uses another Im. We don't even ha= ve the type "other".

=A0

We would be happy for a quick answer.<= /p>

=A0

by David


_______________________________________________
scim mailing list
scim@ietf.org
ht= tps://www.ietf.org/mailman/listinfo/scim


--047d7b2e0c0ffb202b04ef62a09d-- From prvs=708515CD6E=erik.wahlstrom@nexusgroup.com Wed Jan 8 07:35:19 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D67B1AE446 for ; Wed, 8 Jan 2014 07:35:19 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.6 X-Spam-Level: X-Spam-Status: No, score=-1.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, SPF_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C6QdzXAoOARz for ; Wed, 8 Jan 2014 07:35:16 -0800 (PST) Received: from mailedge.nexussafe.com (mailedge.nexussafe.com [83.241.133.98]) by ietfa.amsl.com (Postfix) with ESMTP id DC49B1ADF35 for ; Wed, 8 Jan 2014 07:35:15 -0800 (PST) Received: from MARVMAILCAS.technxs.com (10.75.28.37) by MailEdge.nexussafe.com (83.241.133.98) with Microsoft SMTP Server (TLS) id 14.0.722.0; Wed, 8 Jan 2014 16:35:08 +0100 Received: from MARVMAILDB.technxs.com ([fe80::2481:7a28:782a:7fc7]) by MarvMailCAS.technxs.com ([fe80::cd7:3e15:4b14:c076%14]) with mapi id 14.03.0158.001; Wed, 8 Jan 2014 16:35:04 +0100 From: =?Windows-1252?Q?Erik_Wahlstr=F6m?= To: Phil Hunt Thread-Topic: [scim] Open Ticket Recommendations (Tickets 1 to 20) Thread-Index: AQHPBYw4M/K5OMHQKUunfrXjQHHco5p68ooA Date: Wed, 8 Jan 2014 15:35:03 +0000 Message-ID: References: <831A94AD-A84F-412C-ACFD-8A1BD99ECDBF@oracle.com> In-Reply-To: <831A94AD-A84F-412C-ACFD-8A1BD99ECDBF@oracle.com> Accept-Language: en-US, sv-SE Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.75.28.139] Content-Type: multipart/alternative; boundary="_000_D31DEBB3A29D4272A5138FD6B6E1D876nexussafecom_" MIME-Version: 1.0 Cc: "scim@ietf.org WG" Subject: Re: [scim] Open Ticket Recommendations (Tickets 1 to 20) X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Jan 2014 15:35:19 -0000 --_000_D31DEBB3A29D4272A5138FD6B6E1D876nexussafecom_ Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable Great work Phil. +1 on everything except Ticket : 13 Add "required" flag in configuration t= o support etags. I think it=92s a won=92t fix. See http://www.ietf.org/mail-archive/web/scim= /current/msg01388.html I recommend that we just close it. / Erik On 30 Dec 2013, at 19:22, Phil Hunt > wrote: On the last SCIM WG conference call (where we did not have quorum), one of = the follow-up items proposed by was for members to personally review the op= en tickets and make some recommendations to assist the chairs on dispositio= n of the current items. Many of them have proposals and many of them are s= traight forward. This should help Kelly move forward with the next revisio= n of the draft in a quicker fashion: These are my personal recommendations, please comment with your +1 or prefe= rred alternative action. Note: Missing ticket numbers are already resolve= d/closed. Ticket: 1 Roles within Groups Recommendation: Won't fix Comment: Replaced by ticket 11 Ticket: 2 Add pagination capability to plural Resource attributes Recommendation: Won't fix Comment: Solved/impact reduced by ticket 10 Ticket: 3 ExcludedAttributes Parameter Recommendation: Leave as new (continue discussion) Comment: Impact reduced by ticket 10 - is there still a need to exclude at= tributes from the default set? What about using "!" on the attributes para= meter? Ticket: 4 Bring SAML Binding Up to Date Recommendation: Leave as new Comment: No apparent work. Ticket: 6 Nickname part of Name attribute Recommendation: Won't fix Comment: While there are some advantages, I don't see enough value that mak= ing a change makes sense. Making name complex makes mapping for LDAP harde= r. Ticket: 8 Targeting and Proxying Recommendation: Won't fix Comment: This functionality has been covered by draft 02 (tenancy section)= and can be also enhanced by ticket 55 (redirection). Ticket: 9 Add ability to mark attributes as unique in schemas Recommendation: Apply to draft Comment: See discussion added Dec 30, values for uniqueness recommended (n= ote: more discussion may be needed) Ticket: 10 Ability to mark attributes as sensitive in schemas Recommendation: Apply to draft Comment: Significant discussion and work occurred prior to and at IETF88 (= vancouver) where informal consensus was obtained Ticket: 11 Define Simple Language for Entitlements Recommendation: Defer Comment: Chris Phillips did some good starting work. But I don't see enoug= h discussion yet. Focus on for a following draft? Ticket: 12 OpenID Connect and SCIM Recommendation: Won't fix Comment: This seems to be an item for OIDF. That said, I have suggested th= at SCIM be a valid endpoint in draft-hunt-oauth-v2-user-a4c Never-the-less, this isn't an item which impacts SCIM itself. Should we le= ave open as a liaison/ note taking item? Ticket : 13 Add "required" flag in configuration to support etags Recommendation: Apply to draft Comment: Though no proposed text is available, this seems straight forward Ticket: 14 Enhance password and login metadata Recommendation: Defer to future draft Comment: There is significant work being done in the area by more than one= participant. There is a need to make a standardized, inter-operable recomm= endation. However, there is no significant proposal on the ticket at this t= ime. Ticket: 15 Soft Delete and Resurrection Recommendation: Defer to future draft Ticket:16 Attribute selection in query responses Recommendation: Won't fix (Duplicate) Comment: This item covered by Ticket 10 which determines what attributes a= re returned by default Ticket: 18 Review Patch Function Recommendation: Defer Comment: Still had complaints on my side. Yet no new proposal has been dra= fted Ticket: 20 Insert a "person" resource into the model Recommendation: Won't fix Comment: This ticket has been around for a while. While it seems like a go= od thing, we seem to have avoided hierarchical structures. The current dra= ft provides more details on schema extension and I think the need for this = is minimal. (please comment if you disagree!!) Tickets 21 and higher will follow in another message=85 Phil @independentid www.independentid.com phil.hunt@oracle.com _______________________________________________ scim mailing list scim@ietf.org https://www.ietf.org/mailman/listinfo/scim --_000_D31DEBB3A29D4272A5138FD6B6E1D876nexussafecom_ Content-Type: text/html; charset="Windows-1252" Content-ID: <7296159E8FD4B8499106BB10B1191078@nexussafe.com> Content-Transfer-Encoding: quoted-printable
Great work Phil.

+1 on everything except Ticket : 13  Add "required"= flag in configuration to support etags.


I recommend that we just close it.

/ Erik

On 30 Dec 2013, at 19:22, Phil Hunt <phil.hunt@oracle.com> wrote:

On the last SCIM WG conference call (where we did not have quorum), one of = the follow-up items proposed by was for members to personally review the op= en tickets and make some recommendations to assist the chairs on dispositio= n of the current items.  Many of them have proposals and many of them are straight forward.  This shou= ld help Kelly move forward with the next revision of the draft in a quicker= fashion:

These are my personal recommendations, please comment with your +1= or preferred alternative action.  Note:  Missing ticket numbers = are already resolved/closed.

Ticket:  1  Roles within Groups
Recommendation:  Won't fix
Comment:  Replaced by ticket 11

Ticket: 2 Add pagination capability to plural Resource attributes
Recommendation:  Won't fix
Comment:  Solved/impact reduced by ticket 10

Ticket: 3  ExcludedAttributes Parameter
Recommendation:  Leave as new (continue discussion)
Comment:  Impact reduced by ticket 10 - is there still a need to = exclude attributes from the default set?  What about using "!&quo= t; on the attributes parameter?

Ticket: 4  Bring SAML Binding Up to Date
Recommendation:  Leave as new
Comment:  No apparent work.

Ticket: 6  Nickname part of Name attribute
Recommendation:  Won't fix
Comment: While there are some advantages, I don't see enough value tha= t making a change makes sense.  Making name complex makes mapping for = LDAP harder.

Ticket: 8 Targeting and Proxying
Recommendation: Won't fix
Comment:  This functionality has been covered by draft 02 (tenanc= y section) and can be also enhanced by ticket 55 (redirection).

Ticket: 9 Add ability to mark attributes as unique in schemas
Recommendation: Apply to draft
Comment:  See discussion added Dec 30, values for uniqueness reco= mmended (note: more discussion may be needed)

Ticket: 10 Ability to mark attributes as sensitive in schemas
Recommendation:  Apply to draft
Comment:  Significant discussion and work occurred prior to and a= t IETF88 (vancouver) where informal consensus was obtained

Ticket: 11 Define Simple Language for Entitlements
Recommendation:  Defer
Comment:  Chris Phillips did some good starting work. But I don't= see enough discussion yet.  Focus on for a following draft?

Ticket: 12 OpenID Connect and SCIM
Recommendation:  Won't fix
Comment: This seems to be an item for OIDF.  That said, I have su= ggested that SCIM be a valid endpoint in draft-hunt-oauth-v2-user-a4c
Never-the-less, this isn't an item which impacts SCIM itself.  Sh= ould we leave open as a liaison/ note taking item?

Ticket : 13  Add "required" flag in configuration to su= pport etags
Recommendation:  Apply to draft
Comment:  Though no proposed text is available, this seems straig= ht forward

Ticket: 14 Enhance password and login metadata
Recommendation:  Defer to future draft
Comment:  There is significant work being done in the area by mor= e than one participant. There is a need to make a standardized, inter-opera= ble recommendation. However, there is no significant proposal on the ticket= at this time.

Ticket: 15 Soft Delete and Resurrection
Recommendation: Defer to future draft

Ticket:16 Attribute selection in query responses
Recommendation:  Won't fix (Duplicate)
Comment:  This item covered by Ticket 10 which determines what at= tributes are returned by default

Ticket: 18 Review Patch Function
Recommendation: Defer
Comment:  Still had complaints on my side. Yet no new proposal ha= s been drafted


--_000_D31DEBB3A29D4272A5138FD6B6E1D876nexussafecom_-- From prvs=4085AFDE17=erik.wahlstrom@nexusgroup.com Wed Jan 8 07:35:22 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C93F1AE463 for ; Wed, 8 Jan 2014 07:35:22 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.6 X-Spam-Level: X-Spam-Status: No, score=-1.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, SPF_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i74SfqDi2JIH for ; Wed, 8 Jan 2014 07:35:19 -0800 (PST) Received: from mailedge.nexussafe.com (mailedge.nexussafe.com [83.241.133.98]) by ietfa.amsl.com (Postfix) with ESMTP id CB5B01ADF7D for ; Wed, 8 Jan 2014 07:35:18 -0800 (PST) Received: from MARVMAILCAS.technxs.com (10.75.28.37) by MailEdge.nexussafe.com (83.241.133.98) with Microsoft SMTP Server (TLS) id 14.0.722.0; Wed, 8 Jan 2014 16:35:12 +0100 Received: from MARVMAILDB.technxs.com ([fe80::2481:7a28:782a:7fc7]) by MarvMailCAS.technxs.com ([fe80::cd7:3e15:4b14:c076%14]) with mapi id 14.03.0158.001; Wed, 8 Jan 2014 16:35:08 +0100 From: =?Windows-1252?Q?Erik_Wahlstr=F6m?= To: Phil Hunt Thread-Topic: [scim] Open Ticket Recommendations (Tickets 21 - 40 ) Thread-Index: AQHPBaM7gOTc/TrL80KFfV8i8d/1vJp68mKA Date: Wed, 8 Jan 2014 15:35:08 +0000 Message-ID: <022741DC-1D25-4289-8426-4A422EBE0784@nexussafe.com> References: In-Reply-To: Accept-Language: en-US, sv-SE Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.75.28.139] Content-Type: multipart/alternative; boundary="_000_022741DC1D25428984264A422EBE0784nexussafecom_" MIME-Version: 1.0 Cc: "scim@ietf.org WG" Subject: Re: [scim] Open Ticket Recommendations (Tickets 21 - 40 ) X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Jan 2014 15:35:22 -0000 --_000_022741DC1D25428984264A422EBE0784nexussafecom_ Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable +1 on everything a part from Ticket: 39 Clarification for response body on= DELETE. We had a small discussion about it and it looks like it lands on a 204 inst= ead of a 200. I can create a patch. The discussion: http://www.ietf.org/mail-archive/web/scim/current/msg01392.= html Possible solution in comment. http://trac.tools.ietf.org/wg/scim/trac/ticket/39 I will create a diff for it unless some one chimes in against a 204. / Erik On 30 Dec 2013, at 22:07, Phil Hunt > wrote: Continuing the open ticket review=85. Ticket: 21Add "application" or "system" resource schema Recommendation: Defer Comment: This is of interest. OAuth is defining client registration and th= is could be the basis for a new schema. This could easily be done in the oA= uth client registration draft or a separate SCIM WG draft. Defer for now. Ticket: 22 Add metadata to attributes Recommendation: Defer Comment: This would be difficult in some cases to implement at the attribut= e level in a general way. More discussion needed Ticket: 23 Clarify requirements for preserving case in attribute values Recommendation: Defer Comment: More discussion needed. Ticket: 24 Add negation operator for filters Recommendation: Apply to draft Comment: I think Kelly made a proposal that was accepted at IETF 88? Note:= ticket is not up-to-date Ticket: 26 Allow search for groups with member foo, but only return member= foo and not all members Recommendation: Won't fix Comment: This can be avoided by constructing a filter that confirms members= hip and then requesting only the group id and/or name to be returned. Ticket: 30 Recommendation: Defer Comment: No significant work done Ticket: 31 Support for Consistent Paged Results Recommendation: Won't Fix Comment: While the ticket is not up-to-date, there has been a lot of discus= sion that there is not a strong desire for this feature compared with the p= ossible costs. At present, current implementers feel retaining search stat= e necessary for consistent results could become a drain on resources and a = possible DoS problem. Ticket: 32 Async / Workflow Support Recommendation: Defer Comment: I think we need some practical implementation exploration before c= ommenting on this issue. There is a general async REST issue here. Ticket: 35 Define Mutability Recommendation: Add to draft Comment: This was discussed at IETF88 with recommendations put forward and = agreed by the audience. Ticket: 36 Address is a complex multi-valued attribute or list of sub-att= ributes Recommendation: Defer Comment: this item still needs some discussion Ticket: 37 Error response when server is unwilling to perform query Recommendation: Defer Comment: Could be quickly resolved, however no specific proposal entered on= ticket Ticket: 39 Clarification for response body on DELETE Recommendation: Defer Comment: This could be resolved quickly. Should follow common REST practic= es IMHO. Ticket: 40 JSON format for defining a set of SCIM schema extensions Recommendation: Defer Comment: More discussion needed. Could be done as a separate draft Tickets 41 to 55 to follow=85 Phil @independentid www.independentid.com phil.hunt@oracle.com _______________________________________________ scim mailing list scim@ietf.org https://www.ietf.org/mailman/listinfo/scim --_000_022741DC1D25428984264A422EBE0784nexussafecom_ Content-Type: text/html; charset="Windows-1252" Content-ID: <59D16BC9177C9A418379F4E9832AA38F@nexussafe.com> Content-Transfer-Encoding: quoted-printable +1 on everything a part from Ticket: 39  Clarification for re= sponse body on DELETE.

We had a small discussion about it and it looks like it lands on a 204= instead of a 200. I can create a patch.


Possible solution in comment.

I will create a diff for it unless some one chimes in against a 204.

/ Erik


On 30 Dec 2013, at 22:07, Phil Hunt <phil.hunt@oracle.com> wrote:

Continuing the open ticket review=85.

Ticket:  21Add "application" or "system" reso= urce schema
Recommendation: Defer
Comment: This is of interest.  OAuth is defining client registrat= ion and this could be the basis for a new schema. This could easily be done= in the oAuth client registration draft or a separate SCIM WG draft.  = Defer for now.

Ticket:  22 Add metadata to attributes
Recommendation:  Defer
Comment: This would be difficult in some cases to implement at the att= ribute level in a general way. More discussion needed

Ticket:  23 Clarify requirements for preserving case in attribute= values
Recommendation: Defer
Comment: More discussion needed.

Ticket:  24 Add negation operator for filters
Recommendation: Apply to draft
Comment: I think Kelly made a proposal that was accepted at IETF 88? &= nbsp;Note: ticket is not up-to-date

Ticket:  26 Allow search for groups with member foo, but only ret= urn member foo and not all members
Recommendation: Won't fix
Comment: This can be avoided by constructing a filter that confir= ms membership and then requesting only the group id and/or name to be retur= ned.

Ticket:  30
Recommendation: Defer
Comment: No significant work done

Ticket:  31 Support for Consistent Paged Results
Recommendation: Won't Fix
Comment: While the ticket is not up-to-date, there has been a lot of d= iscussion that there is not a strong desire for this feature compared with = the possible costs.  At present, current implementers feel retaining s= earch state necessary for consistent results could become a drain on resources and a possible DoS problem.

Ticket:  32 Async / Workflow Support
Recommendation: Defer
Comment: I think we need some practical implementation exploration bef= ore commenting on this issue. There is a general async REST issue here.

Ticket:  35 Define Mutability
Recommendation: Add to draft
Comment: This was discussed at IETF88 with recommendations put forward= and agreed by the audience.

Ticket:  36  Address is a complex multi-valued attribute or = list of sub-attributes
Recommendation: Defer
Comment: this item still needs some discussion

Ticket:  37 Error response when server is unwilling to perform qu= ery
Recommendation: Defer
Comment: Could be quickly resolved, however no specific proposal enter= ed on ticket

Ticket: 39  Clarification for response body on DELETE
Recommendation: Defer
Comment: This could be resolved quickly.  Should follow common RE= ST practices IMHO.

Ticket: 40 JSON format for defining a set of SCIM schema extensions
Recommendation: Defer
Comment:  More discussion needed. Could be done as a separate dra= ft

Tickets 41 to 55 to follow=85

Phil

@independentid
phil.hunt@oracle.com

_______________________________________________
scim mailing list
scim@ietf.org
https://www.ietf.org/mailman/listinfo/scim

--_000_022741DC1D25428984264A422EBE0784nexussafecom_-- From prvs=4085AFDE17=erik.wahlstrom@nexusgroup.com Wed Jan 8 07:35:26 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 76B451AE4BD for ; Wed, 8 Jan 2014 07:35:26 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.6 X-Spam-Level: X-Spam-Status: No, score=-1.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, SPF_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SIHXuqnfZOCD for ; Wed, 8 Jan 2014 07:35:24 -0800 (PST) Received: from mailedge.nexussafe.com (mailedge.nexussafe.com [83.241.133.98]) by ietfa.amsl.com (Postfix) with ESMTP id 086921AE4B8 for ; Wed, 8 Jan 2014 07:35:24 -0800 (PST) Received: from MARVMAILCAS.technxs.com (10.75.28.37) by MailEdge.nexussafe.com (83.241.133.98) with Microsoft SMTP Server (TLS) id 14.0.722.0; Wed, 8 Jan 2014 16:35:17 +0100 Received: from MARVMAILDB.technxs.com ([fe80::2481:7a28:782a:7fc7]) by MarvMailCAS.technxs.com ([fe80::cd7:3e15:4b14:c076%14]) with mapi id 14.03.0158.001; Wed, 8 Jan 2014 16:35:13 +0100 From: =?Windows-1252?Q?Erik_Wahlstr=F6m?= To: Phil Hunt Thread-Topic: [scim] Open Ticket Recommendations (Tickets 41 +) Thread-Index: AQHPBaYeb8/D4DLtcUCHUtD7+XkUNpp68mGA Date: Wed, 8 Jan 2014 15:35:13 +0000 Message-ID: <6495DDC8-2F32-4DF4-BDCD-BE72634748D2@nexussafe.com> References: In-Reply-To: Accept-Language: en-US, sv-SE Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.75.28.139] Content-Type: multipart/alternative; boundary="_000_6495DDC82F324DF4BDCDBE72634748D2nexussafecom_" MIME-Version: 1.0 Cc: "scim@ietf.org WG" Subject: Re: [scim] Open Ticket Recommendations (Tickets 41 +) X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Jan 2014 15:35:26 -0000 --_000_6495DDC82F324DF4BDCDBE72634748D2nexussafecom_ Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable +1 on everything a part from one thing :) I will have a crack at ticket #43. I would like to remove the short hand ve= rsion and clean that up a bit. Don=92t want to wait :) I can also compile some diff files for the following ticket. - Ticket: 52 Minor textual changes - Ticket: 53 Consumer vs Client - Ticket: 54 Define core resource when referencing attributes / Erik On 30 Dec 2013, at 22:28, Phil Hunt > wrote: Final open ticket recommendations: Ticket: 41 Add IANA considerations Recommendation: Defer Comment: still a todo Ticket: 42 Make server root searches optional Recommendation: Apply to draft Comment: This has been discussed on list and at IETF 87/88. Should proceed = with proposed text Ticket: 43 Consider dropping short-hand notation for complex multi-valued a= ttributes Recommendation: defer / merge with 36 Comment: Seems to be related to ticket 36? Ticket: 44 Add JSON Schemas for Core Schema Resources Recommendation: Apply to draft Comment: Seems straight forward. Note: seems related to Ticket 40 (JSON fo= rmat for defining a set of scim schema extensions) Ticket: 45 LDAP Mapping Recommendation: Defer Comment: LDAP is more of an endpoint (client) rather than SCIM SP capable i= tem. Would an LDAP Profile of SCIM (e.g. no complex attributes Users) be mo= re appropriate? Ticket: 46 Clarify error responses and allow non-HTTP error codes Recommendation: Defer Comment: Need proposal text. Seems tied in with Ticket 37 Ticket: 47 Attribute Indexing Recommendation: Apply to draft Comment: Item proposal reviewed and discussed at IETF88 Ticket: 48 Operations with Extended Schema Attributes Recommendation: Apply to draft Comment: Seems like a straight forward clarification Ticket: 49 Ends With filter missing Recommendation: Apply to draft Comment: Apply missing filter to draft Ticket: 50 Filter semantics do not allow filtering on complex plural attrib= utes (aka inner join) Recommendation: Apply to draft Comment: A reasonable set of proposals was given at IETF88 -- consensus wa= s around adding [subattr clause] notation. Ticket: 51 Formalize searching by schema Recommendation: Apply to draft Comment: Seems like a reasonable clarification (?) Ticket: 52 Minor textual changes Recommendation: Apply to draft Comment: editorial issues. Ticket: 53 Consumer vs Client Recommendation: Apply to draft Comment: editorial issues. Ticket: 54 Define core resource when referencing attributes Recommendation: Apply to draft Comment: editorial issue Ticket: 55 Redirection Recommendation: Apply to draft (for now) Comment: some limited discussion on list. Is this an item that should be el= evated to the WG working on REST? Phil @independentid www.independentid.com phil.hunt@oracle.com _______________________________________________ scim mailing list scim@ietf.org https://www.ietf.org/mailman/listinfo/scim --_000_6495DDC82F324DF4BDCDBE72634748D2nexussafecom_ Content-Type: text/html; charset="Windows-1252" Content-ID: <7544038531EB0247A6E812CECACCB7CB@nexussafe.com> Content-Transfer-Encoding: quoted-printable +1 on everything a part from one thing :)

I will have a crack at ticket #43. I would lik= e to remove the short hand version and clean that up a bit. Don=92t want to= wait :)

I can also compile some diff files for the fol= lowing ticket.
- Ticket: 52 Minor textual changes
- Ticket: 53 Consumer vs Client
- Ticket: 54 Define core resource when referencing attributes

/ Erik

On 30 Dec 2013, at 22:28, Phil Hunt <phil.hunt@oracle.com> wrote:

Final open ticket recommendations:

Ticket: 41 Add IANA considerations
Recommendation: Defer
Comment: still a todo

Ticket: 42 Make server root searches opt= ional
Recommendation: Apply to draft
Comment: This has been discussed on list= and at IETF 87/88. Should proceed with proposed text

Ticket: 43 Consider dropping short-hand = notation for complex multi-valued attributes
Recommendation: defer / merge with 36
Comment: Seems to be related to ticket 3= 6?

Ticket: 44 Add JSON Schemas for Core Sch= ema Resources
Recommendation: Apply to draft
Comment: Seems straight forward.  N= ote: seems related to Ticket 40 (JSON format for defining a set of scim sch= ema extensions)

Ticket: 45 LDAP Mapping
Recommendation: Defer
Comment: LDAP is more of an endpoint (cl= ient) rather than SCIM SP capable item. Would an LDAP Profile of SCIM (e.g.= no complex attributes Users) be more appropriate?

Ticket: 46 Clarify error responses and a= llow non-HTTP error codes
Recommendation: Defer
Comment: Need proposal text. Seems tied = in with Ticket 37

Ticket: 47 Attribute Indexing
Recommendation: Apply to draft
Comment: Item proposal reviewed and disc= ussed at IETF88

Ticket: 48 Operations with Extended Sche= ma Attributes
Recommendation:  Apply to draft
Comment: Seems like a straight forward c= larification

Ticket: 49 Ends With filter missing
Recommendation: Apply to draft
Comment: Apply missing filter to draft

Ticket: 50 Filter semantics do not allow= filtering on complex plural attributes (aka inner join)
Recommendation: Apply to draft
Comment:  A reasonable set of propo= sals was given at IETF88 -- consensus was around adding [subattr clause] no= tation.

Ticket: 51 Formalize searching by schema=
Recommendation: Apply to draft
Comment:  Seems like a reasonable c= larification (?)

Ticket: 52 Minor textual changes
Recommendation: Apply to draft
Comment: editorial issues.

Ticket: 53 Consumer vs Client
Recommendation: Apply to draft
Comment: editorial issues.

Ticket: 54 Define core resource when ref= erencing attributes
Recommendation: Apply to draft
Comment: editorial issue

Ticket: 55 Redirection
Recommendation: Apply to draft (for now)=
Comment: some limited discussion on list= . Is this an item that should be elevated to the WG working on REST?

Phil

@independentid

_______________________________________________
scim mailing list
scim@ietf.org
https://www.ietf.org/mailman/listinfo/scim

--_000_6495DDC82F324DF4BDCDBE72634748D2nexussafecom_-- From phil.hunt@oracle.com Wed Jan 8 08:31:41 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7646C1AE4EC for ; Wed, 8 Jan 2014 08:31:41 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.437 X-Spam-Level: X-Spam-Status: No, score=-4.437 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.538, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CCm4g5AEnSOs for ; Wed, 8 Jan 2014 08:31:38 -0800 (PST) Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) by ietfa.amsl.com (Postfix) with ESMTP id EF2E81AE411 for ; Wed, 8 Jan 2014 08:31:37 -0800 (PST) Received: from ucsinet22.oracle.com (ucsinet22.oracle.com [156.151.31.94]) by aserp1040.oracle.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.1) with ESMTP id s08GVRxd018334 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 8 Jan 2014 16:31:28 GMT Received: from aserz7021.oracle.com (aserz7021.oracle.com [141.146.126.230]) by ucsinet22.oracle.com (8.14.5+Sun/8.14.5) with ESMTP id s08GVQ1X014405 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 8 Jan 2014 16:31:26 GMT Received: from abhmp0010.oracle.com (abhmp0010.oracle.com [141.146.116.16]) by aserz7021.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s08GVPwt002584; Wed, 8 Jan 2014 16:31:25 GMT Received: from [192.168.1.125] (/174.7.250.104) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 08 Jan 2014 08:31:25 -0800 References: <6495DDC8-2F32-4DF4-BDCD-BE72634748D2@nexussafe.com> Mime-Version: 1.0 (1.0) In-Reply-To: <6495DDC8-2F32-4DF4-BDCD-BE72634748D2@nexussafe.com> Content-Type: multipart/alternative; boundary=Apple-Mail-C32B0925-9BD1-445B-BEF6-CA59F9BEF9F1 Content-Transfer-Encoding: 7bit Message-Id: X-Mailer: iPhone Mail (11B554a) From: Phil Hunt Date: Wed, 8 Jan 2014 08:31:22 -0800 To: =?utf-8?Q?Erik_Wahlstr=C3=B6m?= X-Source-IP: ucsinet22.oracle.com [156.151.31.94] Cc: "scim@ietf.org WG" Subject: Re: [scim] Open Ticket Recommendations (Tickets 41 +) X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Jan 2014 16:31:41 -0000 --Apple-Mail-C32B0925-9BD1-445B-BEF6-CA59F9BEF9F1 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Erik, Thanks for the great follow ups. Post the diffs to the tickets would be good= .=20 Cheers, Phil > On Jan 8, 2014, at 7:35, Erik Wahlstr=C3=B6m wrote: >=20 > +1 on everything a part from one thing :) >=20 > I will have a crack at ticket #43. I would like to remove the short hand v= ersion and clean that up a bit. Don=E2=80=99t want to wait :) >=20 > I can also compile some diff files for the following ticket. > - Ticket: 52 Minor textual changes > - Ticket: 53 Consumer vs Client > - Ticket: 54 Define core resource when referencing attributes >=20 > / Erik >=20 >> On 30 Dec 2013, at 22:28, Phil Hunt wrote: >>=20 >> Final open ticket recommendations: >>=20 >> Ticket: 41 Add IANA considerations >> Recommendation: Defer >> Comment: still a todo >>=20 >> Ticket: 42 Make server root searches optional >> Recommendation: Apply to draft >> Comment: This has been discussed on list and at IETF 87/88. Should procee= d with proposed text >>=20 >> Ticket: 43 Consider dropping short-hand notation for complex multi-valued= attributes >> Recommendation: defer / merge with 36 >> Comment: Seems to be related to ticket 36? >>=20 >> Ticket: 44 Add JSON Schemas for Core Schema Resources >> Recommendation: Apply to draft >> Comment: Seems straight forward. Note: seems related to Ticket 40 (JSON f= ormat for defining a set of scim schema extensions) >>=20 >> Ticket: 45 LDAP Mapping >> Recommendation: Defer >> Comment: LDAP is more of an endpoint (client) rather than SCIM SP capable= item. Would an LDAP Profile of SCIM (e.g. no complex attributes Users) be m= ore appropriate? >>=20 >> Ticket: 46 Clarify error responses and allow non-HTTP error codes >> Recommendation: Defer >> Comment: Need proposal text. Seems tied in with Ticket 37 >>=20 >> Ticket: 47 Attribute Indexing >> Recommendation: Apply to draft >> Comment: Item proposal reviewed and discussed at IETF88 >>=20 >> Ticket: 48 Operations with Extended Schema Attributes >> Recommendation: Apply to draft >> Comment: Seems like a straight forward clarification >>=20 >> Ticket: 49 Ends With filter missing >> Recommendation: Apply to draft >> Comment: Apply missing filter to draft >>=20 >> Ticket: 50 Filter semantics do not allow filtering on complex plural attr= ibutes (aka inner join) >> Recommendation: Apply to draft >> Comment: A reasonable set of proposals was given at IETF88 -- consensus w= as around adding [subattr clause] notation. >>=20 >> Ticket: 51 Formalize searching by schema >> Recommendation: Apply to draft >> Comment: Seems like a reasonable clarification (?) >>=20 >> Ticket: 52 Minor textual changes >> Recommendation: Apply to draft >> Comment: editorial issues. >>=20 >> Ticket: 53 Consumer vs Client >> Recommendation: Apply to draft >> Comment: editorial issues. >>=20 >> Ticket: 54 Define core resource when referencing attributes >> Recommendation: Apply to draft >> Comment: editorial issue >>=20 >> Ticket: 55 Redirection >> Recommendation: Apply to draft (for now) >> Comment: some limited discussion on list. Is this an item that should be e= levated to the WG working on REST? >>=20 >> Phil >>=20 >> @independentid >> www.independentid.com >> phil.hunt@oracle.com >>=20 >> _______________________________________________ >> scim mailing list >> scim@ietf.org >> https://www.ietf.org/mailman/listinfo/scim >=20 --Apple-Mail-C32B0925-9BD1-445B-BEF6-CA59F9BEF9F1 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable
Erik,

Thanks f= or the great follow ups. Post the diffs to the tickets would be good. <= /div>

Cheers,

Phil

On Jan 8, 2014, a= t 7:35, Erik Wahlstr=C3=B6m <erik.wahlstrom@nexusgroup.com> wrote:

+1 on everything a part from one thing :)

I will have a crack at ticket #43. I would like t= o remove the short hand version and clean that up a bit. Don=E2=80=99t want t= o wait :)

I can also compile some diff files for the follo= wing ticket.
- Ticket: 52 Minor textual changes
- Ticket: 53 Consumer vs Client
- Ticket: 54 Define core resource when referencing attributes

/ Erik

On 30 Dec 2013, at 22:28, Phil Hunt <phil.hunt@oracle.com> wrote:

Final open ticket recommendations:

Ticket: 41 Add IANA considerations
Recommendation: Defer
Comment: still a todo

Ticket: 42 Make server root searches opti= onal
Recommendation: Apply to draft
Comment: This has been discussed on list a= nd at IETF 87/88. Should proceed with proposed text

Ticket: 43 Consider dropping short-hand n= otation for complex multi-valued attributes
Recommendation: defer / merge with 36
Comment: Seems to be related to ticket 36= ?

Ticket: 44 Add JSON Schemas for Core Sche= ma Resources
Recommendation: Apply to draft
Comment: Seems straight forward.  No= te: seems related to Ticket 40 (JSON format for defining a set of scim schem= a extensions)

Ticket: 45 LDAP Mapping
Recommendation: Defer
Comment: LDAP is more of an endpoint (cli= ent) rather than SCIM SP capable item. Would an LDAP Profile of SCIM (e.g. n= o complex attributes Users) be more appropriate?

Ticket: 46 Clarify error responses and al= low non-HTTP error codes
Recommendation: Defer
Comment: Need proposal text. Seems tied i= n with Ticket 37

Ticket: 47 Attribute Indexing
Recommendation: Apply to draft
Comment: Item proposal reviewed and discu= ssed at IETF88

Ticket: 48 Operations with Extended Schem= a Attributes
Recommendation:  Apply to draft
Comment: Seems like a straight forward cl= arification

Ticket: 49 Ends With filter missing
=
Recommendation: Apply to draft
Comment: Apply missing filter to draft

Ticket: 50 Filter semantics do not allow f= iltering on complex plural attributes (aka inner join)
Recommendation: Apply to draft
Comment:  A reasonable set of propos= als was given at IETF88 -- consensus was around adding [subattr clause] nota= tion.

Ticket: 51 Formalize searching by schema<= /div>
Recommendation: Apply to draft
Comment:  Seems like a reasonable cl= arification (?)

Ticket: 52 Minor textual changes
Recommendation: Apply to draft
Comment: editorial issues.

Ticket: 53 Consumer vs Client
Recommendation: Apply to draft
Comment: editorial issues.

Ticket: 54 Define core resource when refe= rencing attributes
Recommendation: Apply to draft
Comment: editorial issue

Ticket: 55 Redirection
Recommendation: Apply to draft (for now)<= /div>
Comment: some limited discussion on list.= Is this an item that should be elevated to the WG working on REST?

Phil

@independentid

_______________________________________________
scim mailing list
scim@ietf.org
https://www.ietf.org/= mailman/listinfo/scim

= --Apple-Mail-C32B0925-9BD1-445B-BEF6-CA59F9BEF9F1-- From peter.gietz@daasi.de Wed Jan 8 08:52:44 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C8931AE049 for ; Wed, 8 Jan 2014 08:52:44 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.365 X-Spam-Level: X-Spam-Status: No, score=-1.365 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.723, RP_MATCHES_RCVD=-0.538, SPF_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JfC76rNMaBne for ; Wed, 8 Jan 2014 08:52:42 -0800 (PST) Received: from mailserver.daasi.de (mailserver.daasi.de [178.63.152.251]) by ietfa.amsl.com (Postfix) with ESMTP id AAD861AE04A for ; Wed, 8 Jan 2014 08:52:41 -0800 (PST) Received: by mailserver.daasi.de (Postfix, from userid 1001) id 4C01440117D; Wed, 8 Jan 2014 17:52:31 +0100 (CET) Received: from [192.168.100.210] (fw.daasi.de [85.220.140.34]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mailserver.daasi.de (Postfix) with ESMTPS id C4FFF400699; Wed, 8 Jan 2014 17:52:29 +0100 (CET) Message-ID: <52CD824F.4010400@daasi.de> Date: Wed, 08 Jan 2014 17:52:31 +0100 From: Peter Gietz User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: Phil Hunt , "scim@ietf.org WG" References: In-Reply-To: Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: [scim] Open Ticket Recommendations (Tickets 41 +) X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Jan 2014 16:52:44 -0000
especially #45 is fine with me to defer.
An LDAP Profile would be a good start (that's what I thought in the first place).
I am still willing to do substantial work on that, but while keeping my company going I didn't find substatial time to do so yet unfortunately. 

Cheers,

Peter


Am 30.12.2013 22:28, schrieb Phil Hunt:
Final open ticket recommendations:

Ticket: 41 Add IANA considerations
Recommendation: Defer
Comment: still a todo

Ticket: 42 Make server root searches optional
Recommendation: Apply to draft
Comment: This has been discussed on list and at IETF 87/88. Should proceed with proposed text

Ticket: 43 Consider dropping short-hand notation for complex multi-valued attributes
Recommendation: defer / merge with 36
Comment: Seems to be related to ticket 36?

Ticket: 44 Add JSON Schemas for Core Schema Resources
Recommendation: Apply to draft
Comment: Seems straight forward.  Note: seems related to Ticket 40 (JSON format for defining a set of scim schema extensions)

Ticket: 45 LDAP Mapping
Recommendation: Defer
Comment: LDAP is more of an endpoint (client) rather than SCIM SP capable item. Would an LDAP Profile of SCIM (e.g. no complex attributes Users) be more appropriate?

Ticket: 46 Clarify error responses and allow non-HTTP error codes
Recommendation: Defer
Comment: Need proposal text. Seems tied in with Ticket 37

Ticket: 47 Attribute Indexing
Recommendation: Apply to draft
Comment: Item proposal reviewed and discussed at IETF88

Ticket: 48 Operations with Extended Schema Attributes
Recommendation:  Apply to draft
Comment: Seems like a straight forward clarification

Ticket: 49 Ends With filter missing
Recommendation: Apply to draft
Comment: Apply missing filter to draft

Ticket: 50 Filter semantics do not allow filtering on complex plural attributes (aka inner join)
Recommendation: Apply to draft
Comment:  A reasonable set of proposals was given at IETF88 -- consensus was around adding [subattr clause] notation.

Ticket: 51 Formalize searching by schema
Recommendation: Apply to draft
Comment:  Seems like a reasonable clarification (?)

Ticket: 52 Minor textual changes
Recommendation: Apply to draft
Comment: editorial issues.

Ticket: 53 Consumer vs Client
Recommendation: Apply to draft
Comment: editorial issues.

Ticket: 54 Define core resource when referencing attributes
Recommendation: Apply to draft
Comment: editorial issue

Ticket: 55 Redirection
Recommendation: Apply to draft (for now)
Comment: some limited discussion on list. Is this an item that should be elevated to the WG working on REST?

Phil

@independentid
phil.hunt@oracle.com



_______________________________________________
scim mailing list
scim@ietf.org
https://www.ietf.org/mailman/listinfo/scim



-- 

Peter Gietz, CEO

DAASI International GmbH        
Europaplatz 3                   
D-72072 Tübingen                
Germany                    

phone: +49 7071 407109-0
fax:   +49 7071 407109-9  
email: peter.gietz@daasi.de
web:   www.daasi.de

Sitz der Gesellschaft: Tübingen
Registergericht: Amtsgericht Stuttgart, HRB 382175
Geschäftsleitung: Peter Gietz
From phil.hunt@oracle.com Wed Jan 8 12:18:09 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F2EF01AE584 for ; Wed, 8 Jan 2014 12:18:08 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.738 X-Spam-Level: X-Spam-Status: No, score=-4.738 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.538, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r-K8LCV-lS_V for ; Wed, 8 Jan 2014 12:18:07 -0800 (PST) Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) by ietfa.amsl.com (Postfix) with ESMTP id 7194E1AE57F for ; Wed, 8 Jan 2014 12:18:07 -0800 (PST) Received: from ucsinet22.oracle.com (ucsinet22.oracle.com [156.151.31.94]) by aserp1040.oracle.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.1) with ESMTP id s08KHvVc012128 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Wed, 8 Jan 2014 20:17:58 GMT Received: from userz7022.oracle.com (userz7022.oracle.com [156.151.31.86]) by ucsinet22.oracle.com (8.14.5+Sun/8.14.5) with ESMTP id s08KHvVA013622 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Wed, 8 Jan 2014 20:17:57 GMT Received: from abhmp0016.oracle.com (abhmp0016.oracle.com [141.146.116.22]) by userz7022.oracle.com (8.14.5+Sun/8.14.4) with ESMTP id s08KHuj5013612 for ; Wed, 8 Jan 2014 20:17:56 GMT Received: from [192.168.1.124] (/174.7.250.104) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 08 Jan 2014 12:17:56 -0800 From: Phil Hunt Content-Type: multipart/alternative; boundary="Apple-Mail=_CDA9E657-DC8A-4A0D-8143-5AD9B6CB0D08" Message-Id: Date: Wed, 8 Jan 2014 12:17:54 -0800 To: "scim@ietf.org WG" Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\)) X-Mailer: Apple Mail (2.1510) X-Source-IP: ucsinet22.oracle.com [156.151.31.94] Subject: [scim] Consistency of value/$ref sub-attributes X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Jan 2014 20:18:09 -0000 --Apple-Mail=_CDA9E657-DC8A-4A0D-8143-5AD9B6CB0D08 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii SCIM User schema defines the multi-valued "groups" attribute as complex = with sub attributes "value" and "$ref", but the SCIM Enterprise User = schema defines single valued "manager" attribute as complex with sub = attributes "managerId" and "$ref". Seems like it would have been better = to be consistent regarding sub attributes for attributes that reference = other resources (e.g. user, groups, etc.) and always have their sub = attributes be "value" for the id and "$ref" for the URI. Should we make this consistent for any attributes like this to have a = value with an "id" and a $ref being the URI to said resource? Phil @independentid www.independentid.com phil.hunt@oracle.com --Apple-Mail=_CDA9E657-DC8A-4A0D-8143-5AD9B6CB0D08 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii SCIM = User schema defines the multi-valued "groups" attribute as complex with = sub attributes "value" and "$ref", but the SCIM Enterprise User schema = defines single valued "manager" attribute as complex with sub = attributes "managerId" and "$ref". Seems like it would have been better = to be consistent regarding sub attributes for attributes that = reference other resources (e.g. user, groups, etc.) and always have = their sub attributes be "value" for the id and "$ref" for the = URI.

Should we make this consistent for any = attributes like this to have a value with an "id" and a $ref being the = URI to said resource?
= --Apple-Mail=_CDA9E657-DC8A-4A0D-8143-5AD9B6CB0D08-- From ayyagarikiran@gmail.com Wed Jan 8 19:24:31 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F5591AE07D for ; Wed, 8 Jan 2014 19:24:31 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.277 X-Spam-Level: X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cs89zdbCkGzg for ; Wed, 8 Jan 2014 19:24:29 -0800 (PST) Received: from mail-wg0-x233.google.com (mail-wg0-x233.google.com [IPv6:2a00:1450:400c:c00::233]) by ietfa.amsl.com (Postfix) with ESMTP id 908911AE053 for ; Wed, 8 Jan 2014 19:24:29 -0800 (PST) Received: by mail-wg0-f51.google.com with SMTP id z12so2035499wgg.18 for ; Wed, 08 Jan 2014 19:24:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:content-type; bh=e2xchA0el8gdpkfeXYgng12zuEP5TsrXxFW+7wVk2KM=; b=00ultsZRnyH74wBZW6N+uNYET6GLIHdfG5cS5Ik9YUKDT0tLOEI83EDyaS+T8wZo/Q Gor4+wxGUZ2CAHclHGJmz9n/4bRhEF9CWV0bqcPBcUKxn0qYrWYQiXpz8tvVVfJL1AiW H08qQ4ci2F+n1Oi9iN7OiptzJVWryWvWXoNAhqoMt9t/q2VNucIQx3O3BRdeQ2bSiy6G qr2Nrzp+kOXQA+39XNNtlzBIfFpHc0kFz5E2FwGIohUuOiYvC0UAP4I82ibIw8Xs+Bej QoFQx2qboT5QQTQXC6mWI+qS5go/n2rcVR1tYTtPrzGcLcfqFvhhkNav2tKWQpy2EPoC ftsg== MIME-Version: 1.0 X-Received: by 10.194.77.7 with SMTP id o7mr510033wjw.35.1389237859809; Wed, 08 Jan 2014 19:24:19 -0800 (PST) Sender: ayyagarikiran@gmail.com Received: by 10.216.166.194 with HTTP; Wed, 8 Jan 2014 19:24:19 -0800 (PST) In-Reply-To: References: Date: Thu, 9 Jan 2014 08:54:19 +0530 X-Google-Sender-Auth: x5Cz1IN013FNEmOKmWfe9HsOlCA Message-ID: From: Kiran Ayyagari To: "scim@ietf.org WG" Content-Type: multipart/alternative; boundary=047d7bfd05fc24804f04ef812513 Subject: Re: [scim] Consistency of value/$ref sub-attributes X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Jan 2014 03:24:31 -0000 --047d7bfd05fc24804f04ef812513 Content-Type: text/plain; charset=ISO-8859-1 On Thu, Jan 9, 2014 at 1:47 AM, Phil Hunt wrote: > SCIM User schema defines the multi-valued "groups" attribute as complex > with sub attributes "value" and "$ref", but the SCIM Enterprise User schema > defines single valued "manager" attribute as complex with sub attributes > "managerId" and "$ref". Seems like it would have been better to be > consistent regarding sub attributes for attributes that reference other > resources (e.g. user, groups, etc.) and always have their sub attributes be > "value" for the id and "$ref" for the URI. > > Should we make this consistent for any attributes like this to have a > value with an "id" and a $ref being the URI to said resource? > > +1 > Phil > > @independentid > www.independentid.com > phil.hunt@oracle.com > > > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim > > -- Kiran Ayyagari http://keydap.com --047d7bfd05fc24804f04ef812513 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable



On Thu, Jan 9, 2014 at 1:47 AM, Phil Hunt <phil.hunt@oracle.com= > wrote:
SCIM Use= r schema defines the multi-valued "groups" attribute as complex w= ith sub attributes "value" and "$ref", but the SCIM Ent= erprise User schema defines single=A0valued "manager" attribute a= s complex with sub attributes "managerId" and "$ref". S= eems like it would have been better to be consistent regarding sub attribut= es for=A0attributes that reference other resources (e.g. user, groups, etc.= ) and always have their sub attributes be "value" for the id and = "$ref" for the URI.

Should we make this consistent for any attributes like this = to have a value with an "id" and a $ref being the URI to said res= ource?

+1

_______________________________________________ scim mailing list
scim@ietf.org
ht= tps://www.ietf.org/mailman/listinfo/scim




--
Kiran Ayyagari
<= a href=3D"http://keydap.com" target=3D"_blank">http://keydap.com
--047d7bfd05fc24804f04ef812513-- From phil.hunt@oracle.com Thu Jan 9 11:01:48 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 05A181AE540 for ; Thu, 9 Jan 2014 11:01:48 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.738 X-Spam-Level: X-Spam-Status: No, score=-4.738 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.538, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pWALQon9E4nF for ; Thu, 9 Jan 2014 11:01:46 -0800 (PST) Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) by ietfa.amsl.com (Postfix) with ESMTP id 33F511AE537 for ; Thu, 9 Jan 2014 11:01:46 -0800 (PST) Received: from acsinet21.oracle.com (acsinet21.oracle.com [141.146.126.237]) by aserp1040.oracle.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.1) with ESMTP id s09J1ZkT006144 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 9 Jan 2014 19:01:36 GMT Received: from userz7021.oracle.com (userz7021.oracle.com [156.151.31.85]) by acsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s09J1YAT010705 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 9 Jan 2014 19:01:35 GMT Received: from abhmp0019.oracle.com (abhmp0019.oracle.com [141.146.116.25]) by userz7021.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s09J1XpI029932; Thu, 9 Jan 2014 19:01:33 GMT Received: from [192.168.1.124] (/174.7.250.104) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Thu, 09 Jan 2014 11:01:33 -0800 From: Phil Hunt Content-Type: multipart/alternative; boundary="Apple-Mail=_3F9C935E-EDB3-4AD2-8E47-F5835655452A" Date: Thu, 9 Jan 2014 11:01:32 -0800 Message-Id: To: "scim@ietf.org WG" Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\)) X-Mailer: Apple Mail (2.1510) X-Source-IP: acsinet21.oracle.com [141.146.126.237] Cc: Kelly Grizzle Subject: [scim] Summary of ticket items and plan for Draft 03 X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Jan 2014 19:01:48 -0000 --Apple-Mail=_3F9C935E-EDB3-4AD2-8E47-F5835655452A Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Folks, Based on the summary I posted in December and Erik's feedback, I have = assembled a spread sheet indicating the plan for Draft 03 of API and = Schema (see attached). TBD -- means will be in a future draft after 03. Won't fix means the = item is proposed to be closed with no action. Important: * Feel free to comment/object on what items are / are not in draft 03 = that you feel are important to address now. * For those items marked on draft 03, please post any changes you would = like to the marked tickets or just discuss on the list. In the interest of moving ahead, I would like to begin the edits on = these items along with Kelly. Phil @independentid www.independentid.com phil.hunt@oracle.com --Apple-Mail=_3F9C935E-EDB3-4AD2-8E47-F5835655452A Content-Type: multipart/mixed; boundary="Apple-Mail=_3D81961F-5B6F-436B-AFF1-AB82E8083C41" --Apple-Mail=_3D81961F-5B6F-436B-AFF1-AB82E8083C41 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii
= --Apple-Mail=_3D81961F-5B6F-436B-AFF1-AB82E8083C41 Content-Disposition: attachment; filename=SCIM-Ticket-Plan.xlsx Content-Type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet; name="SCIM-Ticket-Plan.xlsx" Content-Transfer-Encoding: base64 UEsDBBQABgAIAAAAIQA7SI5AbAEAAMQEAAATAAgCW0NvbnRlbnRfVHlwZXNdLnhtbCCiBAIooAAC AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACs lMtOwzAQRfdI/EPkLUrcskAINe2CxxIqUT7AxJPE1C953NL+PROXIlSFVBXdxIrHc+8Za8aT2cbo bA0BlbMlGxcjloGtnFS2Kdnb4im/ZRlGYaXQzkLJtoBsNr28mCy2HjCjbIsla2P0d5xj1YIRWDgP liK1C0ZE+g0N96Jaigb49Wh0wytnI9iYx06DTScPUIuVjtnjhrZ3JJTOsvvduc6qZMJ7rSoRCZR3 Ud6bF0DjQOLaygO6/JusoMwkjq3yePW3w4eH5sBBma60FCCqF7rOoCRkcxHiszDEzjeaf7qwfHdu WQyX1kPo6lpVIF21MnRrBfoAQmILEI0u0loYoeyeecA/HUaelvGZQbr6kvARjkg9Ajx9/4+QZI4Y YtxqwDNXuxM95tyKAPI1BpqmswP81h7ioL6ZB+eRpi7A6bewH48uO/ckBCEq+BmQvmb7caSRPd3w oNuhexMkyB5vnt6g6RcAAAD//wMAUEsDBBQABgAIAAAAIQB9zFSeDQEAAN0CAAALAAgCX3JlbHMv LnJlbHMgogQCKKAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAArJJNTsMwEIX3SNzBmn3jtCCEUJ1uEFJ3CIUDTO1pYhL/yHYhvT2GRUOkElWC pT3j5+/Nm/VmMD17pxC1swKWRQmMrHRK20bAa/20uAcWE1qFvbMk4EgRNtX11fqFekz5UWy1jyyr 2CigTck/cB5lSwZj4TzZXNm7YDDlY2i4R9lhQ3xVlnc8/NSAaqLJtkpA2KobYPXR55//os0NJVSY kEsXaOFDJgtJZy+sxtBQEqCcfM7X8bujyNTAzwPdXg7k9nst6dHJgyGbznjmNCSyitQ8Eno/R7T8 T6Ip8zifoecfLnQ757o5ltXlLL+vwhhXag9mZ1H3I8gpqFOtePPUfMXFJ0tZfQIAAP//AwBQSwME FAAGAAgAAAAhAIyWxW7zAAAAugIAABoACAF4bC9fcmVscy93b3JrYm9vay54bWwucmVscyCiBAEo oAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKySz2rDMAzG74O9g9F9cdKNMUadXsag1y17 AGMrcWhiG0v7k7efyaBNoXSXXAyfhL/vJ6Ht7mccxBcm6oNXUBUlCPQm2N53Cj6a17snEMTaWz0E jwomJNjVtzfbNxw050/k+kgiu3hS4Jjjs5RkHI6aihDR504b0qg5y9TJqM1Bdyg3Zfko09ID6jNP sbcK0t7eg2immJP/9w5t2xt8CeZzRM8XIiTxNOQBRKNTh6zgTxeZEeTl+IdV451OaN855e0uKZbl azDVmjDfIR3IIfJpHccSyblTXYPZrAnD+WDwBDJLOb9HBnl2cfUvAAAA//8DAFBLAwQUAAYACAAA ACEADFcDLBUCAAB0AwAADwAAAHhsL3dvcmtib29rLnhtbIxT246bMBB9r9R/cK28JhACKYqAVZps tJGqKupl93HlGBOs+IJsU4hW/fcOZrNN1Ze+4LnYZ86cGbK7Xgr0kxnLtcrxfBZixBTVJVenHP/4 vpumGFlHVEmEVizHF2bxXfH+XdZpcz5qfUYAoGyOa+eaVRBYWjNJ7Ew3TEGm0kYSB645BbYxjJS2 ZsxJEURhuAwk4QqPCCvzPxi6qjhlW01byZQbQQwTxAF9W/PG4iKruGCPY0eINM0XIoF3LzASxLr7 kjtW5jgBV3fsr4Bpm08tF5CNoiiMcFC8dXkwyNa626vzWintfL0cg1jQLj1vtGwgdOSCuwuoiBFp nR6ihll74NS1YAz3AXIQ7ZGzzv5BH1zUP3FV6i7HcQi4l6sHducTT7x0NVBLl8u32APjp9pBxTRO IejI8etADdoDDKgV3BTzwkNRfyLlVfk2DAPo+tgeGgfbrDgYZl/OPcL1Wckqrlg5qAkgN94r1HMv lJwdDFfueQ2DHvSlRPgKA3KIi7Hah8l6Ml9NHiZxmgU3OMD2xoMa8JqC7sPhqYEugzJUK9oaA+Pf QOZVVNa7z9YVGZyoNTzHLx+TaHGfbBfTKNktpuvkPpzOl4touox3URJvoihOol/X3ZP9P8snOTXa 6srNqJbBuHewrzRgPWV+fdNxfYtM9qu1ofV+i3aCnGDOfnXgIhAavp5ZcP1hit8AAAD//wMAUEsD BBQABgAIAAAAIQAvSHhnAAcAAAUTAAAUAAAAeGwvc2hhcmVkU3RyaW5ncy54bWyMWO9TGzcQ/d6Z /g875840mYltjCFNM+Dg2tDSyQ8mpsNncSefNeiki6TDmL++T7qzQyQn4RMg6Xa1u++9XXHy7qGS dM+NFVqdZqPBQUZc5boQqjzN/ru+6L/JyDqmCia14qfZhtvs3eTXX06sdYRvlT3NVs7Vb4dDm694 xexA11xhZ6lNxRz+NOXQ1oazwq44d5UcHh4cvB5WTKiMct0od5qND8cZNUp8afisXRmN3mSTEysm J25yLfI77k6GbnIy9Cth1Tt/a2uW41Kwbrm559mEFk1VMbN53uGZrmpEpZ5p+3pT8+cZ/rRW3Dzv 6MIx19jnnZ0hi44X0eFJbxSvzLSyouCGjJbc0lq4lVBUGt3UsatJrg3vt7WLzXC1YirnVZqhSWHY 0vUFd0t8K6r+EytnTmtpB37PFz82qvg6XuodxivToqCalUIxB2BSzmp2K6RwG3KaatkYJukzt7ox OSfmnBG3jeNJbKwWseU7LuVmUBrx+Cj5mWVC1looN8h1FR/tjeOVXV75Qy6bghfTnWsCds0Glzas 4i6pfpIwXO0nieodxe7/MqAluRWnxfTDe7oVyvOUmrrvdL8ANOIPHLN3yZpWG8WKs0rkRlu93B/6 6/izG93IghSoqBAgLYWjW+4QKCF7OlzKb7zCb0xhy18MlRPOkl4rYha/krCoX8Fiek56b2J318yU 3Hkj0B6qjX7Y4I/4VO/PeMUD5wlUoAV3T/Dhr9HKDG4d7tyJVmymNzqIl35u2XKwzol7/hPj9UrI wQrCd6YNyyXfi71RQuo5XwoFtHu53pAVVS05SabKhpUoiDZQbiecDHxNqDBbGWEHV3AtRW3PcqaY EXDN4jh7o4SNn6Dol3MC+hXPXajIYnb5Af5QGs+exFtvlHAn5I8yw780wvAio6Vkpc9UrtVSlKB0 oDqwZJu61sYRd6xMLHMj7gZrtpLWGV2dKf7QWMuWe5PIrBWl2ieYCbXOW6kDf61dawMQITapoUAE OjOQa0+ijuPc+RhtzXOxFHkbji+LJxkVXEIWglmouBLojV7Z0Cy7wAFNEIc/OI8iv7NEZgwP9mI/ BV+iEPFqb5SwdqdPZOE/Dy4RUqtV6JpofzaVzd4o4eNnfi/4Gulx+YqWjQqmkgscJqy5hH2UklGG QK1Gy4fXVrZ3ulFpJIdetFR8mRpNmBCgpChjdS27RGeERGd2Yx2vnvj4vtEE5N7ottS+y3ztKj+4 WoLymQStlhtEGWDuW6cN3OxmFK9oObNBInYe6J7JZk8ZDhOY+kt6/Ve8fIofxN5p8IWQ0GTvxbbl TtOZgkRKvcZ5ZnxtYasdFMLYgJRUtxD5pdavCD0Wmi59dK4xnhnbvYBrpVFoKbvlhLm9cYKOGyPA CQfQ+/s3SMv9jIF8l9OPUzgpBUge4mxz2IrOliF7HCRIWXRS4qMKzRv4UI6uoJiFHyAauUe7xik2 7EblNKQbbe6WPlmd3SS540QSOtX+0LhtW/J32fHS0os1s29pxpRGc8VY4zBltuH+7ee1bTYHg0FK jXFay6IAwdBsoSbQD98jHqhCmCJgDLq2nVjacuIc5AgjEY5LpNvLjm1ud6f2JPmPOOouRG4MItuK Cq1XHG0fsMJgjiHBN961bz6AJmoNNUAeqs7rMAhSbLc3Ttp7S6+tuEIld+5udbEJ4J2fvz+/Pk9s HSXg+3fx6SNdhFeK/0EhDH+9KS14SETA2yI8a+j8+7A7SmDnaRowHDCHQbwDccdJn4Dp1WV6xwR4 2++pYnctqUM2jQbVWsICK7r2us5kai+Vp+3DoDC6roPFFVptHzMbhjuNt4hvPR6h32CnH4MnhcXR Xq0KOe5mrM6sb2ltSlG70An2GEto9H4+vUISwp3jOGs/bw9KPDgez+bT6eJyMN9T/4QqW6n+Fre+ C4MlQRJByf4/19dX1B7Bs3iPSB8lfNiRG9NNwR+Q5fjGvaOkwWLG2qLEP9davOGFQR3+dkb3ZCuh CTr1Cwxn7cvvJYZ13xSoEpiH9lzmOKFG20WAsIphpMwtFRo4Az66xHiAtEY9hICYLVq6p9kP5OM4 IUugoBSPwEVoQd7kLQbcAJIkc8cJRxYa75FKKNzJd5IGGpoDzyW3rwiPVATOIBNhfIG4+e55cBim qjSTx+PY3wLTHGY3P3lbyjwdm4qbLLRC9Cu8Z2AvDIxZLgV6S4YV6Ha5Io1u6Xf9QDiI7faOU75I qztX4bsw/W050sqpwdxn8P8Zn6If5TihT0DxZ15g8u4G+KkUmDi/18eOE7Z8YHfIMl4NpU/otomg 8JhW26YaYKsRsaHfcNGvh5I8X/81j/MxDQPlcO7/rRDv3Wj1u6ML8RBvhNN0kBRt3tTDm4vvnR6+ +7ozxL+xJv8DAAD//wMAUEsDBBQABgAIAAAAIQAwD4hrEQcAAN4dAAATAAAAeGwvdGhlbWUvdGhl bWUxLnhtbOxZT28bRRS/I/EdRntvYyd2Gkd1qtixW2jTRrFb1ON4PfZOM7uzmhkn8Q21RyQkREFc kLhxQEClVuJSPk2gCIrUr8Cbmd31TjxunBJAQHNovbO/9+a93/szf/bqteOYoUMiJOVJM6hergSI JCEf0mTcDO72u5c2AiQVToaY8YQ0gymRwbWtd9+5ijdVRGKCQD6Rm7gZREqlmysrMoRhLC/zlCTw bsRFjBU8ivHKUOAj0BuzldVKZX0lxjQJUIJjUHtnNKIhQX2tMtjKlXcYPCZK6oGQiZ5WTRwJgx0e VDVCTmWbCXSIWTOAeYb8qE+OVYAYlgpeNIOK+QtWtq6u4M1MiKkFsiW5rvnL5DKB4cGqmVOMB8Wk 1W6tcWWn0G8ATM3jOp1Ou1Mt9BkADkPw1NpS1lnrblRbuc4SyP6c192u1Cs1F1/SvzZnc6PVatUb mS1WqQHZn7U5/EZlvba96uANyOLrc/haa7vdXnfwBmTx63P47pXGes3FG1DEaHIwh9YB7XYz7QVk xNkNL3wD4BuVDD5DQTYU2aWnGPFELcq1GD/gogsADWRY0QSpaUpGOIQsbuN4ICjWE+BNgktv7FAo 54b0XEiGgqaqGbyfYqiImb5Xz7999fwpevX8ycnDZycPfzh59Ojk4fdWlyN4AyfjsuDLrz/5/csP 0W9Pv3r5+DM/XpbxP3/30U8/fuoHQgXNLHrx+ZNfnj158cXHv37z2APfFnhQhvdpTCS6TY7QPo/B N0OMazkZiPNJ9CNMHQkcgW6P6o6KHODtKWY+XIu45N0T0Dx8wOuTB46tvUhMFPXMfDOKHeAu56zF hZeAm3quEsP9STL2Ty4mZdw+xoe+uds4cULbmaTQNfOkdLhvR8Qxc4/hROExSYhC+h0/IMTj3X1K HV53aSi45COF7lPUwtRLSZ8OnESaCd2gMcRl6vMZQu1ws3sPtTjzeb1DDl0kFARmHuP7hDk0XscT hWOfyj6OWZnwW1hFPiN7UxGWcR2pINJjwjjqDImUPpk7AvwtBf0mhn7lDfsum8YuUih64NN5C3Ne Ru7wg3aE49SH7dEkKmPfkweQohjtceWD73K3QvQzxAEnC8N9jxIn3Gc3grt07Jg0SxD9ZiI8sbxO uJO/vSkbYWK6DLR0p1PHNHld22YU+rad4W3bbgbbsIj5iufGqWa9CPcvbNE7eJLsEaiK+SXqbYd+ 26GD/3yHXlTLF9+XZ60YurTekNi9ttl5xws33iPKWE9NGbklzd5bwgI07MKgljOHTlIcxNIIfupK hgkc3FhgI4MEVx9QFfUinMK+vRpoJWOZqR5LlHIJ50Uz7NWt8bD3V/a0WdfnENs5JFa7fGiH1/Rw ftwo1BirxuZMm0+0phUsO9nalUwp+PYmk1W1UUvPVjWmmabozFa4rCk253KgvHANBgs2YWeDYD8E LK/DsV9PDecdzMhQ825jlIfFROGvCVHmtXUkwkNiQ+QMl9ismtjlKTTnn3bP5sj52CxYA9LONsKk xeL8WZLkXMGMZBA8XU0sKdcWS9BRM2jUV+sBCnHaDEZw0oWfcQpBk3oviNkYrotCJWzWnlmLpkhn Hjf8WVWFy4sFBeOUcSqk2sEysjE0r7JQsUTPZO1frdd0sl2MA55mspwVaxuQIv+YFRBqN7RkNCKh Kge7NKK5s49ZJ+QTRUQvGh6hAZuIfQzhB061P0Mq4cLCFLR+gNs1zbZ55fbWrNOU77QMzo5jlkY4 65b6diavOAs3/aSwwTyVzAPfvLYb587viq74i3KlnMb/M1f0cgA3CGtDHYEQLncFRrpSmgEXKuLQ hdKIhl0B677pHZAtcEMLr4F8uGI2/wtyqP+3NWd1mLKGg6Dap2MkKCwnKhKE7EFbMtl3hrJqtvRY lSxTZDKqZK5MrdkDckhYX/fAdd2DAxRBqptukrUBgzudf+5zVkGDsd6jlOvN6WTF0mlr4O/euNhi BqdO7SV0/ub8FyYWq/ts9bPyRjxfI8uO6BezXVItrwpn8Ws0sqne0IRlFuDSWms71pzHq/XcOIji vMcwWOxnUrgHQvofWP+oCJn9XqEX1D7fh96K4POD5Q9BVl/SXQ0ySDdI+2sA+x47aJNJq7LUZjsf zVq+WF/wRrWY9xTZ2rJl4n1OsotNlDudU4sXSXbGsMO1HVtINUT2dInC0Cg/h5jAmA9d5W9RfPAA Ar0Dt/4TZr9OyRSeTB2ke8Jk14APp9lPJu2Ca7NOn2E0kiX7ZITo8Dg/fxRM2BKyX0jyLbJBazGd aIXgmu/Q4ApmeC1qV8tCePVs4ULCzAwtuxA2F2o+BfB9LGvc+mgHeNtkrde6uHKmWPJnKFvCeD9l 3pPPspTZg+JrA/UGlKnj11OWMQXkzScefOEUGI5ePdN/YdGxmW5SdusPAAAA//8DAFBLAwQUAAYA CAAAACEAs0TqVPMCAAC+CQAADQAAAHhsL3N0eWxlcy54bWzEVk1P3DAQvVfqf7B8h2y2sIJVEtQi ReVQhASVenUSJ2vhj8hxYNNf3xkn2SyF/RBC7V7WHnue34zfTBxdrZUkT9w2wuiYhqczSrjOTSF0 FdOfD+nJBSWNY7pg0mge04439Cr5/ClqXCf5/YpzRwBCNzFdOVcvg6DJV1yx5tTUXMNKaaxiDqa2 CpraclY06KRkMJ/NFoFiQtMeYanyY0AUs49tfZIbVTMnMiGF6zwWJSpf3lTaWJZJoLoOz1g+YvvJ K3glcmsaU7pTgAtMWYqcv2Z5GVwGgJREpdGuIblptYvpAqDxhOWjNs86xSVI4LAriZrf5IlJsMxp kES5kcYSB5kBYiFaNFO833HNpMisQGPJlJBdb/Z+PpnDPiUgNNwVII+eTRK1YNh31uxfHvahkY1R XXxkBCNo6PNy5LUcvoW3YG2VxTRNZ/63M4Z92P6iG7hpIeVGd19QYmBIItC/41anMCHD+KGrQWAa SrUXit93YHdlWRfOz493aIwUBbKorrdlvUCEbLAJXfA1L6BMzjzwFlcUsOfl/yC8zNgCOtBYWFhD vSmJJC8doFpRrfDfmRrPMM5BuSZRIVhlNJMwDEaPYQCwOZfyHrvUr3KDjclbl0S3KlXuBuhBv8Nq GofAaxj2eP0E8Hc5heD/thNhdS2721Zl3Ka+CfrTvBWvbJp98/FP869SVFpxbDJAzzvcWeN47nyT 9srdxWf+n/gE29nuc7+V9sW70k7W5cH84/0N+YfQty9t491nsE+5b1C7cnc2YQHsPixQzNDGj8A6 wGvA2s8yRG6DTo+m+VJ7oNRee4fJn0+JeCd5LwcQwFYVvqjBjVoIfgehTRopzTMvyHdoYFYK/Qhf V3/7SKAV0gmNWrikZCWKguNbBfvK3ziv3CHqLXd4zOx1v8U6lePRKILpaF92k8whtGI9NRa/6vDh 4VvOJljAKHjJWukeNosxncY/eCFaBWENu+7Ek3EeIqbTuN/Vd9Lp4ZX8AQAA//8DAFBLAwQUAAYA CAAAACEAhllyJzALAACuPgAAGAAAAHhsL3dvcmtzaGVldHMvc2hlZXQxLnhtbIybXW/bOBaG7xfY /2D4vrEky19BkkEly/YAnd1iuztzrThKYtS2DFuZtjPY/76kKFvm+74bTS/Slnl8SD08JI/S8u6n 77tt7/fieNqU+/t+eBP0e8V+XT5t9i/3/f/8e/Fh2u+dqnz/lG/LfXHf/1Gc+j89/P1vd9/K49fT a1FUPRNhf7rvv1bV4XYwOK1fi11+uikPxd5857k87vLK/PX4MjgdjkX+VH9otx1EQTAe7PLNvu8i 3B7/Sozy+XmzLubl+m1X7CsX5Fhs88qM//S6OZzO0XbrvxJulx+/vh0+rMvdwYR43Gw31Y86aL+3 W9/+/LIvj/nj1jz39zDO1+fY9V8o/G6zPpan8rm6MeEGbqD8zLPBbGAiPdw9bcwTWO29Y/F83/8Y 3q7iaX/wcFcL+nVTfDtd/blX5Y9fim2xroonM0/93h9lufuyzu3YjMmrv//DGt9i6+f8pfiU/yjf Khu5+a6dw8ey/GqbfjZhA9v9gPpf1HP4+dh7zE9FWm5/2zxVr2YQpten4jl/21b/Kr+tis3La2Va R8aSlXX79GNenNZmlprA63Jrnsh87e02NteM4vx7/fs3F3B0E47jYByZCOu3U1Xuzh3ZYV0+FzWf M783nxuO3/1A3HzA/N58IAxupsMoGIa2q1P1w0oM62d3Y6wNzPMqf7g7lt96JjHNYE+H3KZ5eDs1 k7e2jR9tq1HZ75lHPJnW3x+Cu8HvRuG6IRImQp9ImYh8Yu6I4VUvYTj0mYyjALFgIvZjLJkY+cSK ifGFGBhTF11GidBlW31dk8vHa6EJE1OfSJmY+cTcEb4ueNSMo4QwcwuBwNQtBQJzt3JIXOdGHIbj dlY8X2a0wpdt9X3hvCcCgWdNBQLzOneI+XrJ4zCEMJkIg8oE0uZHPcFLgaAyh3QqM6tZKLOtoAxz TCCYZAJBZQ4xY71SBk+SiTCoTCCQz0uBQEcrh3Qqs5sdb2K21VcWwSgTgcBaSBmB55g74n1jHCWC Z10IpF1ULskYCSHKyiGdxszBIozZVjAGqyURCGRQyggac4RvDDrKOArtZAKB2VsKBI05pNPYRBqz rWAMdoZEILByU0ZCkDp3yPvKRBhI+IVAYHKWAkFlDulUZitsXpa2FZTBNpUIBEaZMgLE3BG+MbCa cRRKMoFgkgkEjTmk09hMGrOtvrEhzGsiEBhlyggac8T7xjgKGWNkCDqWjNBG5pBOY7ZWF0lWN4Mz 2E0TxcAulAoGrTWIrw0eOBNxyJtghpCwS8GQuYbpVmerXl6fIRfDQ9zTFIObmmBoV2sY3x3MQaYC Qf4vFAMTtVQMzNOqYbrd2fpXuOPKeYibWygYGGoqGHbn4nS4484475iJwe9SDCiGDWbVMN3uzJCV O9vsL9kYpicJBQPLOhUMu3NxzNd3qlwVCLwsFAOTuVQMPNiqYbrd2YpY5B3X0jEsoyQUDGwvqWDY nYvT4U50BpvIQnVG7jgO73eO6XZna2PhjqvqGPayxP7sB3MT1nUqGHbn4vjuwEumAlHe8YBCcicY yjvHdLuzVbJwx/V1DMNIQmZG8DipYNidi+O7g+fJRCB60RIMu+NBc9455uJu1j659zOQ0JbLwh0X 2iPYUpP6o/6eOIJHTgXD7lxfvjvYIDIVCCZqoZj2sd1bqmJg0KuGObuLrn7+47uzhbNwxyX3CM6B JBQMPHIqGHbn4vju4HkyFYjc8YA47wQDfa2avrrd2RJauOPiewTnQBIKBrapVDDszsXpcMedcY0i GMo7wZA7x3S6i/RrRd0M6xHPCsXgWSEYctcw77sTgWKYqIVgKO8Ug+4aptudfq+I+L1iBFOYCGYM yygVDLtzffnuIMkzFQg6WygGBr1UDLlzA+p2Z2txXrMRl+hjPCsUA8NIBcPuXF++O9g4MxWI3PGg Oe8EA4NeNX11uzNDVu5ss79mr/61ovnnGcHAI6cRM+zOMaaoeue9QgUid6IzyjvBkDvHXNxd/STG O2cjW0OLvOPyewzLKKk/Cn5hC0oFw+5cX747mIRMBSJ3PGjOO8GQO8dc3I3bp/Ld2RpauHOltUnw Sy6M6awQDJ0VzLA7x5ivl75CrFez+t+E/Ymic1YxlHdiQOTOMRd303YifXe2hhbuuPwewzCSiJkJ pEIqGAgzbxBfHeR4JuLwMcvjuVptrjQWcXCaVg1zVjcM/1/a6deKiF8rJnRUCAZmMBVxSJ0L46uD FM9EHHojE0wIY14qBsa8apiLuqh9J/CzzlbZIuu4+J60EZqTQjBtbtdMGjHDK9Yxvjt4nkwFghRf KAYmaqkY6GvVMBd3V/ntu7MVtHDHxfcEVlESCaZN7sYdM+zOMb476CwTnV09Ut3ZQjB8UogBkTvH XNxd1ayeu6F+q6ib/Y15AssoUQyeFIKBTJg3iK8OHicTceigUAwuWcVAX6uGadW1CeGr0y8VQ36p mMAzJ4KZwipKBUNp1zAd7nhA7E4wMOilGhC5c3Fad21C+O5skc1Ldsi19xSmMFEMDCMVDLtzffnu cMmKQLRkBUOnrGDolG2Yi7urrPHd2QJauOPae4pHxVAweFQIBjJh3iAd6rgvVscMnbJiPKzOxbmo m7Xz6Kuz9bNQx6X3tI3gTtmhYNqNwZ0UgiF1LkyHOu6LV6xgYKksxXhYnYtzVhdfbfO+OjNkpc42 +wfFlA4KwbT7QqOOGVLnEPP1nTeKIcdhdcxMobOligO7zKphLuqucsZXp98o7H+lBXUzOAQSxcAs p4Lhzc711eGOB8Qrlpmrt4F6LpdqQOTOxel2p18phvy6MIMuEsXAhpgKht2pdwrYHjIVCCZzIRg+ KPjBeMk65uxuFLWLyc87W9CL3Y7fBWZwCCRDwcAjp4Jhd+qdAgJlIhDnHQ+I6mIRh925ON3ubP0s 3HHpPYNTIBkKBrbEVDDszsXx1yy5487YHTPsTjCwoFbNoC/urv4rkJd3sX6nqJv9o2LWZq47ZRUD W3MqGHLXMO+7E4HInWDInWLQXcNc3F39m7TvzhbQnHexqM8D2F8SCeFpoSBIqnnDdNhTQ/LvByxU ZzCdS8WQPf+1YnRV2Pr29GtFzK8VYQB9JBLC80JA8DzzBumQp0aE8gQDs7kU46Etr2HOqTcO2s3I l2eLaJF6okYP8LyIFQRplSoImHnDdNjj3njhMsMLVzCQFqtmQN32bB0t7IkyPcATI1ZQO0uuQlYQ 2XOBOuxxb2yPGbYnGLLnmG57ZsjKnm32j4wwoDNDQbAq01hAZM8x5uvVCwZAmQoEG/FCMFToCYZX rhvQxd7VZRF/5dpiWuSeqNXxZSiJFQTbTCogEDxvkA553BmnHjP0MwExHpbn4lzkxW3e+PJsNS3k nQtxex/S3kBMYmxJqWXetAzrW5T2UxkxC2pZUsvqusUfra1fxWjP5XE7WmxJzY1Xt5jOzLxpuR4t Mgv61JJa7F3aS2Q3Wnex1V3rPLya28zVZm0utT6X+8pefjX7bvXjYG6C7su03DdXoq2zg7k6+0t+ fNnsT71t8WzWYXAzGQXXv+z/hz66+6/ye1V5qO+QPpaVudZa//HVXIUuzGQENyY9n8uyOv+l6fFL Ub0deuVxYy7Q1reb7/tbcw37tM4PRb/3ar7xhxl4vp0fNvf9OJrFs/Ekmpnj2YzcPBh/w8Qtvlef TlX9e+/taD73p7lvG0STYfjh4zgJPozsl2g8CT5MJlGYTNJgNg6C/56vPe/MbV245S3vPO/y9aD4 vi7qO95Td8f74W73/fbzp197v5RPxrGpxv+5L+yl5PrPvzU3md0FZDNMc4f2PNjB5ab5w/8AAAD/ /wMAUEsDBAoAAAAAAAAAIQBLKqIndGwAAHRsAAAXAAAAZG9jUHJvcHMvdGh1bWJuYWlsLmpwZWf/ 2P/gABBKRklGAAEBAQBIAEgAAP/iB7hJQ0NfUFJPRklMRQABAQAAB6hhcHBsAiAAAG1udHJSR0Ig WFlaIAfZAAIAGQALABoAC2Fjc3BBUFBMAAAAAGFwcGwAAAAAAAAAAAAAAAAAAAAAAAD21gABAAAA ANMtYXBwbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2Rl c2MAAAEIAAAAb2RzY20AAAF4AAAFbGNwcnQAAAbkAAAAOHd0cHQAAAccAAAAFHJYWVoAAAcwAAAA FGdYWVoAAAdEAAAAFGJYWVoAAAdYAAAAFHJUUkMAAAdsAAAADmNoYWQAAAd8AAAALGJUUkMAAAds AAAADmdUUkMAAAdsAAAADmRlc2MAAAAAAAAAFEdlbmVyaWMgUkdCIFByb2ZpbGUAAAAAAAAAAAAA ABRHZW5lcmljIFJHQiBQcm9maWxlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAABtbHVjAAAAAAAAAB4AAAAMc2tTSwAAACgAAAF4aHJIUgAAACgAAAGgY2FF UwAAACQAAAHIcHRCUgAAACYAAAHsdWtVQQAAACoAAAISZnJGVQAAACgAAAI8emhUVwAAABYAAAJk aXRJVAAAACgAAAJ6bmJOTwAAACYAAAKia29LUgAAABYAAALIY3NDWgAAACIAAALeaGVJTAAAAB4A AAMAZGVERQAAACwAAAMeaHVIVQAAACgAAANKc3ZTRQAAACYAAAKiemhDTgAAABYAAANyamFKUAAA ABoAAAOIcm9STwAAACQAAAOiZWxHUgAAACIAAAPGcHRQTwAAACYAAAPobmxOTAAAACgAAAQOZXNF UwAAACYAAAPodGhUSAAAACQAAAQ2dHJUUgAAACIAAARaZmlGSQAAACgAAAR8cGxQTAAAACwAAASk cnVSVQAAACIAAATQYXJFRwAAACYAAATyZW5VUwAAACYAAAUYZGFESwAAAC4AAAU+AFYBYQBlAG8A YgBlAGMAbgD9ACAAUgBHAEIAIABwAHIAbwBmAGkAbABHAGUAbgBlAHIAaQENAGsAaQAgAFIARwBC ACAAcAByAG8AZgBpAGwAUABlAHIAZgBpAGwAIABSAEcAQgAgAGcAZQBuAOgAcgBpAGMAUABlAHIA ZgBpAGwAIABSAEcAQgAgAEcAZQBuAOkAcgBpAGMAbwQXBDAEMwQwBDsETAQ9BDgEOQAgBD8EQAQ+ BEQEMAQ5BDsAIABSAEcAQgBQAHIAbwBmAGkAbAAgAGcA6QBuAOkAcgBpAHEAdQBlACAAUgBWAEKQ GnUoACAAUgBHAEIAIIJyX2ljz4/wAFAAcgBvAGYAaQBsAG8AIABSAEcAQgAgAGcAZQBuAGUAcgBp AGMAbwBHAGUAbgBlAHIAaQBzAGsAIABSAEcAQgAtAHAAcgBvAGYAaQBsx3y8GAAgAFIARwBCACDV BLhc0wzHfABPAGIAZQBjAG4A/QAgAFIARwBCACAAcAByAG8AZgBpAGwF5AXoBdUF5AXZBdwAIABS AEcAQgAgBdsF3AXcBdkAQQBsAGwAZwBlAG0AZQBpAG4AZQBzACAAUgBHAEIALQBQAHIAbwBmAGkA bADBAGwAdABhAGwA4QBuAG8AcwAgAFIARwBCACAAcAByAG8AZgBpAGxmbpAaACAAUgBHAEIAIGPP j/Blh072TgCCLAAgAFIARwBCACAw1zDtMNUwoTCkMOsAUAByAG8AZgBpAGwAIABSAEcAQgAgAGcA ZQBuAGUAcgBpAGMDkwO1A70DuQO6A8wAIAPAA8EDvwPGA68DuwAgAFIARwBCAFAAZQByAGYAaQBs ACAAUgBHAEIAIABnAGUAbgDpAHIAaQBjAG8AQQBsAGcAZQBtAGUAZQBuACAAUgBHAEIALQBwAHIA bwBmAGkAZQBsDkIOGw4jDkQOHw4lDkwAIABSAEcAQgAgDhcOMQ5IDicORA4bAEcAZQBuAGUAbAAg AFIARwBCACAAUAByAG8AZgBpAGwAaQBZAGwAZQBpAG4AZQBuACAAUgBHAEIALQBwAHIAbwBmAGkA aQBsAGkAVQBuAGkAdwBlAHIAcwBhAGwAbgB5ACAAcAByAG8AZgBpAGwAIABSAEcAQgQeBDEESQQ4 BDkAIAQ/BEAEPgREBDgEOwRMACAAUgBHAEIGRQZEBkEAIAYqBjkGMQZKBkEAIABSAEcAQgAgBicG RAY5BicGRQBHAGUAbgBlAHIAaQBjACAAUgBHAEIAIABQAHIAbwBmAGkAbABlAEcAZQBuAGUAcgBl AGwAIABSAEcAQgAtAGIAZQBzAGsAcgBpAHYAZQBsAHMAZXRleHQAAAAAQ29weXJpZ2h0IDIwMDcg QXBwbGUgSW5jLiwgYWxsIHJpZ2h0cyByZXNlcnZlZC4AWFlaIAAAAAAAAPNSAAEAAAABFs9YWVog AAAAAAAAdE0AAD3uAAAD0FhZWiAAAAAAAABadQAArHMAABc0WFlaIAAAAAAAACgaAAAVnwAAuDZj dXJ2AAAAAAAAAAEBzQAAc2YzMgAAAAAAAQxCAAAF3v//8yYAAAeSAAD9kf//+6L///2jAAAD3AAA wGz/4QB0RXhpZgAATU0AKgAAAAgABAEaAAUAAAABAAAAPgEbAAUAAAABAAAARgEoAAMAAAABAAIA AIdpAAQAAAABAAAATgAAAAAAAABIAAAAAQAAAEgAAAABAAKgAgAEAAAAAQAAAQCgAwAEAAAAAQAA AG0AAAAA/9sAQwABAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB AQEBAQEBAQEBAQEBAQEBAQEB/9sAQwEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB/8AAEQgAbQEAAwERAAIRAQMRAf/EAB8AAAEF AQEBAQEBAAAAAAAAAAABAgMEBQYHCAkKC//EALUQAAIBAwMCBAMFBQQEAAABfQECAwAEEQUSITFB BhNRYQcicRQygZGhCCNCscEVUtHwJDNicoIJChYXGBkaJSYnKCkqNDU2Nzg5OkNERUZHSElKU1RV VldYWVpjZGVmZ2hpanN0dXZ3eHl6g4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrC w8TFxsfIycrS09TV1tfY2drh4uPk5ebn6Onq8fLz9PX29/j5+v/EAB8BAAMBAQEBAQEBAQEAAAAA AAABAgMEBQYHCAkKC//EALURAAIBAgQEAwQHBQQEAAECdwABAgMRBAUhMQYSQVEHYXETIjKBCBRC kaGxwQkjM1LwFWJy0QoWJDThJfEXGBkaJicoKSo1Njc4OTpDREVGR0hJSlNUVVZXWFlaY2RlZmdo aWpzdHV2d3h5eoKDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT 1NXW19jZ2uLj5OXm5+jp6vLz9PX29/j5+v/aAAwDAQACEQMRAD8A/qa8L6X4Qm8OaHLeeH9HuLuT Tbd7iee0V5ppmUl5JX3ZZ2PJJ5PerTVtk+92v11/4NxfN/h/kbv9j+B/+ha0L/wBX/4qndfyx++I Wfd/h/kdN4U+HOheMtTXTdF8H6LMw2td3T2O20sIWODPdT/MEHUxxDdNOwKRIxyQXW7ivvT/AK8/ ULPu/wAP8jB/Zh0vwd8SPjJ+0L4f8Q+AtGj074bXOl+DLDSb2O11G2+3+H/HvxX8Pah4jhSNfJtL jxJa6LpdxNbo8z29vbWVrNNLLbuxh/dpr/XpYZ9keJvhj8BfB3hvxD4u8SeB/Bml+HfC2h6t4j17 U7jSbcW+naLodhcanql/OQpIhs7G1nuJSASEjY0gPzQ/4J0/HzwF+1f4g+NHgv4jeCfgHN4t8Nr4 J+LXw+tfhmmmalaQfA/4uaQ2o+GPDPieW11DU1k+JHw01ayv/CfxKLSWjQazPp4NjAk8TzAH6R+O Pgz8KdP8FeML+y+H/he1vbLwv4gu7S5h0q3Sa3urbSbuaCeJwuUlilRJEYcq6gjkUAYvwj+D/wAL 9Z+FHwx1jVfAnhnUNU1X4e+C9S1K/utLt5bq+v77w3pt1eXlzKy7pJ7m4lkmmkPLyOzHk0Aehf8A Cjfg/wD9E48Jf+Ci2/8AiaAD/hRvwf8A+iceEv8AwUW3/wATQAf8KN+D/wD0Tjwl/wCCi2/+JoAP +FG/B/8A6Jx4S/8ABRbf/E0AH/Cjfg//ANE48Jf+Ci2/+JoAP+FG/B//AKJx4S/8FFt/8TQAf8KN +D//AETjwl/4KLb/AOJoAP8AhRvwf/6Jx4S/8FFt/wDE0AH/AAo34P8A/ROPCX/gotv/AImgA/4U b8H/APonHhL/AMFFt/8AE0AH/Cjfg/8A9E48Jf8Agotv/iaAPxf+EPx18S+L/wBujWfgh4i8DfBi D4SL+0Z+0R8GLaHW/g7eeDo00n4U+DtM8Q+EIPAvxgl8SzaP8RPizquo37nxH8OIfDv2qw8H2d94 maa0EcKsAftB/wAKN+D/AP0Tjwl/4KLb/wCJoAP+FG/B/wD6Jx4S/wDBRbf/ABNAB/wo34P/APRO PCX/AIKLb/4mgA/4Ub8H/wDonHhL/wAFFt/8TQAf8KN+D/8A0Tjwl/4KLb/4mgA/4Ub8H/8AonHh L/wUW3/xNAB/wo34P/8AROPCX/gotv8A4mgA/wCFG/B//onHhL/wUW3/AMTQAf8ACjfg/wD9E48J f+Ci2/8AiaAD/hRvwf8A+iceEv8AwUW3/wATQAf8KN+D/wD0Tjwl/wCCi2/+JoA+dP2uvhn8P/Bv 7Mfxy8VeFPCGg+H/ABJoPw48Sanout6VYQ2mo6XqNtZs9ve2VzGA8NxA+HjkU5VhmgD5G0jT/i9N pdjJo3wR+KWvaS9tG2n6zpMHhBtM1O1IzFeWLXnjCzumtpgd8RuLW3lKn54kPFO77/dp/kBo/wBl fHL/AKN6+MX/AID+B/8A5uKOZ9397/zAs+GfiR/wUK8H2M2k6F8CPDkOmfbJ5rRJvhdI18tu5AhT Ub2H9oOE6nfIg/f6hJDB57k+VbW0CxwRjberA7v9i7w/8XfAvj748eK/ij8O/Etv4i+I99pXii7s dN0vQtJSG91jxd8R/EF69ppl5451hrfRxJri2enyy63eXc01lfCeGCOKGS4QH2p8RbHRfiv4I8R/ Drx38KvH+s+DvF2nnSfEejx3ei6WuraVJNFLdabcXmk+N7K+FjfpF9l1G2iuY47+wlubG6Etpczx SAHOnwH4AHxV8P8Axrtvgj4w074leGvBWu/DrTfEOkvoWkrJ4L8RappWtajoGqaVp3ja20fWbRdW 0Ww1HTm1WwvJ9Juknl0ya1N3decAdl4z8TatqXg/xXp0Pw/8bRTah4a12yilnj8LrBHJdaXdQJJM 0fimWRYkaQNIyRyOEBKo7YUgGP8ACvX9Y0L4YfDjRLnwF4yubjR/AXg/Sp7izTwzJaTzaf4e060l mtZJvE8Ez20rws8DywQytEymSKNiUAB3v/Caal/0Tzx3/wB+vCn/AM1lAB/wmmpf9E88d/8Afrwp /wDNZQAf8JpqX/RPPHf/AH68Kf8AzWUAH/Caal/0Tzx3/wB+vCn/AM1lAB/wmmpf9E88d/8Afrwp /wDNZQAf8JpqX/RPPHf/AH68Kf8AzWUAH/Caal/0Tzx3/wB+vCn/AM1lAB/wmmpf9E88d/8Afrwp /wDNZQAf8JpqX/RPPHf/AH68Kf8AzWUAH/Caal/0Tzx3/wB+vCn/AM1lAB/wmmpf9E88d/8Afrwp /wDNZQB8maL+yl+z3oPxgl+Otn8AfidP8Q2+IHif4r2txqvjnV9Y8L6T8S/GWmNoviXx3ongDU/i rdeBNI8U6po7tpkms2HhyC9gs28m1lgVU2gH1n/wmmpf9E88d/8Afrwp/wDNZQAf8JpqX/RPPHf/ AH68Kf8AzWUAH/Caal/0Tzx3/wB+vCn/AM1lAB/wmmpf9E88d/8Afrwp/wDNZQAf8JpqX/RPPHf/ AH68Kf8AzWUAH/Caal/0Tzx3/wB+vCn/AM1lAB/wmmpf9E88d/8Afrwp/wDNZQAf8JpqX/RPPHf/ AH68Kf8AzWUAH/Caal/0Tzx3/wB+vCn/AM1lAB/wmmpf9E88d/8Afrwp/wDNZQAf8JpqX/RPPHf/ AH68Kf8AzWUAeAftVXGv+Ov2cfjT4P07wT4o06+8R/D3xDpVrf6yfDtvpVpNdWbok9/NZ+Ib+7jt kPMr29ldSgfchc8UAey/A3/kj/w4/wCxS0j/ANJloA+BP+CnHirwR4Mn/Y38Ra740m8J+INK/bG+ BWoEL4x1/Q7J/hrY+N9KuviZq2t6Bp+qW2i6x4e0ayi0iXWtU13TL+LQ7Sc+XcWUV/ci4AP1ItLu 2v7S2vrKeK6s723hu7S6gcSQ3NtcxrNBPDIpKvFNE6SRupIZGDAkGgD5d/aIsvEd54L/AGgJPCPj fxh8O/E+k/BLT/EeheLfAf8Awj58Uadqnhmfx/r1lDYJ4p8OeLdEmh1G40+PTtQgu9BvHn0+6uob Vra6kiuogD8nvAP7bfx5+Dlj8GPB3jH4h2utXPxS+DX7H/jLxV+0H+1hdW9n8N/A/ij4xfCP9pn4 seLtH1Cw+GnhP4aWmlav4n1z4XaF8O/A9jNqSrHd6pp8dxHqes6fp2geLgDl/DH/AAU//aS8AfCv 4j2OteBtC1Dxf4Z/a18efCPw74n+MmpNotv/AMKz8Q/E79q7XfCnxz8Ua54k8SfCj4fWvwau5vhb of7MXw3hk+ImjavpnjvQNRufF95Heah4Q8G+IAD9EP2P/wBob41fG/Wf2u9J+NOofCzSbvwLq/wp u/BHwu8FE6h4o8A+Dvid+y78JfihMNd8YW+uX2jfEfwxceNfFXjHQPC3xB0PStP0vxHq3hTxg+nX Mml22n6ToYBzX/BQj4weNvgh+y18K/Hvg34uWPwwttE1jRNW8baLa+M/A3w6+I/xd8FaL8LfFuq3 nw0+CvjP4k+AviR4Ltfivc67a+HvFPh3wvrHhqMfEe28L6l8OoPEPhp/FB1i2APCbz/gqX8Stb1Z fhx8Ovh34Nb4sp4w8ceE9X8K/EWPxnpuufDuyf8AbZ/ZW/Zq+DPiH4r+HNFs11Hw9ceN/hV+0HrX xe1PR4BA93L4VQeH5E8OteX0QBjeEP8Agox+2Trlvp/hnVvhJ8DLTx7448UfCLwv4I1axt/izJ4K 0E+J/wBrT4pfsn+PNa8ZWV3JFrepRRXHw3h+K/hXStKv9I+yaH4gj8I63rF2bFPHOpAHmvif/grp +0h4A/Z+1D4l/EH4ZfB7QvHus/DD4QfF74caFpOl/EHUvC2rWvj7wv8AtUarrPwt8S614t8UfDyz 0Xxml7+y9eXOieIX1pDew+P9E8KeH/APjnxpaaVp/jAA9f8AEv8AwUp/ad8LeH9V+Jt58C/h9qXw +8b/ALQ3jT9kn4G+GNKk8eH4gr8cdR0SCL4AXPxLvrpIdGXwT8TfiI7+BNfvdC0qzXwobnRNYOrX n9q3OnaSAft7B5whh+0mJrjyo/tDQK6QtNsHmmFZGeRYjJuMau7uEwGZjkkAloAKACgAoAKACgAo AKACgAoAKACgAoAKACgAoAKACgDy742f8kk+In/Yqat/6TNQB4R8LdE/aOn+HXgybwx8RPhHpvh6 Xw9pz6Pp+s/C7xTquq2dgYF+z2+oanafE7S7W/uo0wJrqDTbGOVslbaMcUAcB8Zfj58Qv2fpbQfF z47/AAo8KWVzZQ6nc+IE/Zi+OOv+EfD+l3GpJo8OqeMfGXhvxtq/hbwVpkmpyR2gvvFWr6RbqWM8 jpaxy3EYB7zHof7U80cc0PxV+BssUqLJFLH8IfGEkckbqGSSN1+LxV0dSGV1JVlIIJBzQBH4btfi 3pfirxfc+NvH3w2a8svCfhu+utY0/wACaxo2i2uhw3/i+VTdw6l8Qrx4JbOSLULm81CTUVtTayQK beA2sk84B6At/wCJZ7iwsk+JHw5mu9Um1SHTLRfDU0lxqNxoExi1qKwgHj4y3c2iXCGPVEt0kfTZ lKXYhkXFAGu2l/ERwVfxV4QZWBVg3gfU2BVvvKQfG5BDdweD3oAzNc074hDRtYeXxT4TdP7Kv/NV PBWpxyPGtrOWRZD41cKSCwRijhGYttbkEA5DS9c1TQNC+HOl638Tvhp4fvPFemaPp/hHSNf0b7Hq ev30Ol2dwum6LDeePLKbXdTtoWikli021eb7s32eJWUAA9E/s34jc/8AFWeEueT/AMURqnJ6ZP8A xXHPAFAFC9fxnpsmnQ6j498B2E2r340vSYr3wpeWsmqam1pd366dpyT+PEa9v2sbC+vRaWwluDaW V3cCPybeZ0AIbG58V6vdazp+m/EL4e6nfeG9Sg0nxDZWPhe5vbrQdXm0vTNfttM1m2g8eyzaXqUu i6xo2tQWd8kF0+l6rpmpRxm0vrWaUAx/FXwy1PxxN4Un8YT/AA98SS+BvFun+PPCB1bwBql0vh/x npNjqenaV4l0+NvHQiXVtNtNZ1NLC4lSX7JLdG7gWO8ht54QDX1y+8U+GdOk1jxJ8Rvh54f0iG4s LSXVNc8M3Gk6dFd6tqFrpOl20l9f+Pre2S41LVb6y0ywhaUSXmoXlrZ26yXNxFG4Brf2d8Rv+hs8 Jf8AhEap/wDNxQAf2d8Rv+hs8Jf+ERqn/wA3FAHM33iPVdM0bXPEWpfFn4Waf4f8MTX9v4l12+0Y WmjeHp9KdY9Th1zU5/iFHZaTNp0jql/Hfz272jsq3AjJAIBrGXxiNVXQz4/8BDW209tWXRz4Uu/7 VbSkuUs31NdP/wCE8+1nT0u5I7VrwQm3W5dIDIJWCkA0P7O+I3/Q2eEv/CI1T/5uKAD+zviN/wBD Z4S/8IjVP/m4oAP7O+I3/Q2eEv8AwiNU/wDm4oAP7O+I3/Q2eEv/AAiNU/8Am4oAP7O+I3/Q2eEv /CI1T/5uKAD+zviN/wBDZ4S/8IjVP/m4oAP7O+I3/Q2eEv8AwiNU/wDm4oAP7O+I3/Q2eEv/AAiN U/8Am4oAP7O+I3/Q2eEv/CI1T/5uKAD+zviN/wBDZ4S/8IjVP/m4oAP7O+I3/Q2eEv8AwiNU/wDm 4oAP7O+I3/Q2eEv/AAiNU/8Am4oAP7O+I3/Q2eEv/CI1T/5uKAD+zviN/wBDZ4S/8IjVP/m4oA84 +MFj46j+F/jx9Q8S+GrqyXwzqjXVva+EdQs7maEW7F44buXxdex28jDhZXtLhUJyYn6UAdX8Dv8A kj/w4/7FLR/1tlNAHxl+3V4I/aT+LuteCvhX4R+CunfFr9l7UtMbXPjdoFl8XfD3wv8AFXxF1vTt ct7jw98MtRvte0vUJbL4ZyJYprPjU6J5Ws+Llks/C66hpOjDXI9YAP0YsVKWVmhtI7Apa26mxhaN 4rIrEgNpE0SpE0dtjyUaJFjKoCiqpAoA+F/25Pg58Rv2g/gb+0p8EPhVe6dpvjP4rfCXwB4Htr/V 9R1/StOttB8QeO9esPGc1xeeGfEfhLW9qeDZfEBFpaa/aJqTgaZeRX1leXNhdAHwx+z/APsWfH34 I/EX/gnfr3iH4OaX488VfCTU/wBq3V/j78adM+IGm3l14ZtP2lPE3xH8RWvhbTZ/il8Q/FvxR8T6 XoOveM18ReIIbDW9VtdRuZJdSgOpa35kKgH7s0AZHiDnQdb/AOwRqX/pHNQB+WHj74BfFa6/aNtP jHonwB+HX7QGkfEH9mv4C/DL4a+OfHWseBPtX7I/j/4beK/iL4o1rxxF4W8daRe3epeG/FU3jzwR 4wlu/hvLeeML3xN8JNN0jV9ISzXw1rekgHytoX7JH/BSzxL4Us9G8QfE744+ANPh8LzrrmmP+2J4 j1vxprnxx0T9lr4r+GtT+Jul/EDQNUXU9F+EvxC/aL1n4T+J/DHwnt9VsNF8PHwdquvap4F8J6Lr uoeDJwDrda/Z3/4Kfa9d+Pzo/jC80vxBe+L9H8c+DviD8Qfilb6qPDvjO7/ZZ/aV+H+q6b4O8HaR r3ivwLo/wk8LfF/xV8IfEfhi40z4dfDvx/cyXmsQ+MtE+IFv4S0/xPqQB5XF+xz/AMFD7DTtYvvh 3q3xr+DWh/ET9oLxf498XaAv7Sdh8Xf2gbVbn9mD9lj4V/DPx94l+KOu/FHwVpHjrTPBHjr4V/Fy 4uvAfifxx400I6Z4j8Gy3/gPx9pelp4f0YA++9U/Zv8A2np/2Wfjf4Ss/ix8V4vj98Xv2mde8UHx XD8dfEsF74Q+B9x+2HJrOj6H8K9Ye8l034T2dp+yikOkweH/AAdYaZMmpyTWN5Jda0xuwAfJfxJ/ Y7/bt8Z+OPHXhf8Atzxfrvw1h+JEOpQ6j47/AGh9T8a+APiL8JPD3x//AGcvHPwF8L+Gfht4i1G+ v/A3xE+DngH4feNV+IfxA1azsvEPxG8Sf2rd6h4p+IV38QTe+FgDK0L9m/8A4Kh6R8J/GH/CR/Ef 4veO/jWvxb+HWv2ejj4yWnhn4OeN5/DMnxk/4SfWm8RaN8dtN+K/hD4N+Oh4o+H8uueE/A0nwrvP CU3g3wZcaD8DfGFlpfjbw941APcf22/gz/wU51z436r4p/Y4+J8Wl/Da68E+F/Flt4d8R/ENdJ09 Pi+LbxP8CvE3gyLS7q0m+xfD6L4X/E3/AIaLtWgDW918avgj4ZQ2iX+vLcqAfMnxh/4Jz/tX+LdV +N8aP4t8cJ8Rfgh+2b8EPBPiK++P97p8OkWPjjxz8NvEfwZ8R+PvDVzrFlofiLV/E2gaR4tgu9dl 8P8AiPXNC8ZxaJrWvon2HSNV0sA9pvf2Pv26J/iZHpEfxU+I0fwatPim+k2viGL9obxPH8W5P2fb n9qDwf8AEW78PXXxKOoH4nXFzJ8LU8X+Hlll8VN4jt9Hez8OWmsQTwabdWwB5H+2+P27Php+x7+x d8OJPEHx91b4lRJ8R/D/AMfPGfwV1z4m678Qr2PQvhv4n0zwDeW/jb4Uan4Y1rxF8WLm/vdB1fwF Y+LfE+n+C/H3xF0pI/iBba/a/aUAB6T8TP2ZP2977wdq+t+BfGnx91rXPiJ8Rv2xNai8ML+1t4l8 A6z8Nf8AhMdcvYv2FPFJubjW20qx+G3wT8JPdP8AFX4Q6Dc383ibxDrek6l4l8N/FSbwpBpUYBy3 xu8Gf8FO/DuieINPvT8VPFmh6D8QdY02LxX8JPjonhrxF8aLD46ft/8A7IPibwppPhHStIjbxD8I 9N+HX7PFp8cPh1qXifxDJY6b8O9B1XXE028i8IzSeIQAfRf7Kfwe/bn8CfHf4Ya78WNQ8ea58LJP hh8TdK8WaV8R/jzfePbf4Y2l78V/iV4r+C3hnRptE8aK3xa+Lmk/DzxH4D+H3xd8bfE3wF4qt7+P wVZ+IPBHxjN3HqekeKwD9dqACgAoAKACgAoAKACgAoAKAPLvjZ/yST4if9ipq/8A6TNQB4N8Lf2c fhf4m+HXg3xDqsPjY6lrPh/TtQvjYfFH4l6TZm5uIFaU22maV4ss9OsYd33LaytYLeIfLHEqjFAH y5+2nP4D/ZP0Lwv4n0rwhZ+NbfX9QtdH07wJ4g/av+OPg/4s/EbxBe67oukQ+Evg14XtE8R6Z4q8 Q+TrMV7KdX1rR7OBvs0Fybe2nl1G3APtyL9lj4QyRRyNa/ESJnjR2ik+MXxYMkTMoYxuU8bum9CS rbWZcg7WYYJAPMfiAPgJ+yl4V+NXxW8f3/iTRfhh8MPhhpXxC8Vajf8Ajfxxr2pRW9ndeLo57fT5 dU8TS3l1e6kbKw03R9HF4lvcatcwxW6wz308kgB5d4Y/bO/ZP8aal8Fn8KaP8XfEPgH49fE7xX8G PAnxk0n/AISG++FTfFLwv4l+J3hdPBuq65b+NpNYt77xHd/CXxTqGgX9l4e1HRP7Gn8PajruqaHH r+nrIAfen/CtfCH/AD6at/4VXiv/AOXdAGXrfw48JRaLq8qWmq74tL1CRN3ijxU67ktJmXcr60ys MgZVgVYcEEE0AfM/iP4w/s8fCfx3+y58D/Hdx4ptviD+0tp+qWXgP7BqXi250C0u/CvhfT9WupPF 2qwa9FZ+E7bxBfXtl4a8HtdxCPxF4rv7Tw/piNcswjAOOb9sv9gtPE3xa0GT42eC00n4LaH8PtR8 bePW+M9r/wAIDa+IfiP4l+LPhfRPh3b+IR49Mb/EG2vfg54pu9S8PTwW7xaZPp19bXF1ENS/s4A7 rTf2gv2Pz8LfgJ8WfG3xM8O/CPQv2k/AXhD4hfCrSvix8WT4L8Qa7pHjLRPCmuWtpBZ33jZra91H SYvG3hqz8Qf2Te6lYaXe6tZJLftBd2s84Bt6v8bv2LvD9n8QtQ1z48fDTSbP4Ta5YeGviXPqHxrm tV8D+INVu9T0/TNH8SLN4sV9Nv8AUNQ0TXbCyt51V7q/0HXbOEPc6LqkVoAc3aftKfsSyy2a6r8b Ph94Zg1/xTp/hTwHfeIvjrpNla/Ey51Xwr8MfF+n6l4CMHxEvJ9Y0q60z4weAI43uoNO1DzvEWj3 Lacuk694c1PWQBnjP9pz9hfwDJ5HiT46eDYbmL4v+EvgNqFrp3xL8Q63d6H8VvHNzrlp4X8KeIbX R9dvrjQJ9VuvDHiW3jv9Xjs9LjuPD2uQTXsc2k36W4BreFvjz+x94nm8KaVL8VvB/hrxh4y8I6j4 70XwB4j+Nmmx+M5fCmlQ65eX+t/2do3xD1q0ubC303wz4h1hrrTtRv7c6RoWt6iJTbaLq0lkAdR4 Y+KH7IvjX4c+KfjB4Q+NXw68T/CnwRLfQ+MfiRoXxrbVPBHheXTrCy1W8XXvE9n4vm0fS/K0rU9M 1VTeXkSzaZqem6hAZbPULOeYAwY/jx+xHKxA/aD+FSBfh/cfFaSSf46C2hh+G9nbpeX/AI2uJ7jx hFDb+HdNs5EvdT1KeSODTLN1u79re3IloAs6J8a/2L/Esnw/i8P/AB4+GetSfFbVtV0D4brpvxtk vD4217Q9TbRdW0Tw75Pi1xqWr2OtKdGm0yAte/2xjS0ga/ZbcgHzrov7fH7FHiT9nhP2j/B3iLVf F2gQeD9f8VeJvBHhj4naRffErwS+gfBP4jfHi68LeLfDJ+KdubPxVeeDvhZ4us7LRNPvNUuZ9Z06 8V1i0bRfE2s6GAemaV+1V+xVe/ErSPg7rPxKsPBvxO8QDxTLoPhHxZ8Q7+zutXt/Cvxcf4HStaap p/jDVPDy6jrHxJVPD2h+GLvWLbxhc30n2G88PWGqW95p9sAeh+M/jB+yX8Prv4U2vin4naPp7fG3 4sa58DPhncwePPFOo2HiX4q+HI/FqeIPBkWo6ZrV3Z2ep6RqPgnxH4d1MahPaw2fii0j8M3Mset3 dtYygF7wz8Uv2QvGfhDx58QPCfxs+HHiPwJ8LTe/8LJ8Z6N8bTqHhbwHHp9m2pXl14t1638Xvpeg WEWmo+p/2jqd1b2Mmmq2oRXElmDNQBxGi/tEfsh+KPG3gDwj4U+IOk+KtM+JPhjxr4g8MfEPw98U ZdU+Hdxqngn4p/CX4NXfgSTxHb+NGH/Ce6z8QfjP4O0DQfDcFtPc31+9zYu8GoSadaX4Bu6v8dv2 JtCvLvTtX/aA+F1lqVh4cv8Axfe6dJ8cGbULbwvpviy88B3uvTWMXi6S6TS4vHGnaj4OW7MXlTeK NPv9BgaXVbO5tYgDhtR/ac/ZcsfBn7THxGtZPF3iPwF+y54E8M/Enxf4s8I+JNU8TaP4z8IeLvhZ a/F7Q9V+Gd3pfjWaDxTBfeFby2W2mll0y0ur+VFt7mWyYXxAJ/hp+07+yD8RNE0vUNR8W3Pwo1/V Pil4r+CkXgD4x+Ob3wR44/4Wn4L1TStI1/whZ6e/jbUNJ8Q3VvfeIPDUEGpeEta8Q6Hd3XibQNOt 9UfVdTgsCAdfe/Hr9iHTNH03xDqX7Qnwp0/QNZ8aal8O9I1u++OgtNJ1XxtowsX1fw5p2o3HjCO0 vdQ0uPVNMl1EW00sVnDqWnzXEscV7bPKAb3i34pfsieA9HvvEPjb41fDvwnoempr73+reIfjVJpN hajwt4/h+FPiMTXN74uhiV9E+J9zbfDvUo93mWvji5t/C0qrrc8Vk4Bg6j8ev2ItJg8W3OqftCfC nT4PAetaT4c8aTXnx0ECeGPEGuW+o3el6LrTSeL1Fhqlza6Nrdw1jPtubaDQ9cluo4E0XVGtADu/ FPir9mjwRr3gbwv4w+JXhXwz4i+Jxx8PNH1z4rajpt/41LeR5I8NQXXiiNtX+1yXVrBYfY/N/tC6 ube0svtF1PFE4B8vfD39vX/gm18TzG3hX9pDwX9lf4W3Xxon1LxB4/8AF3hLR9O+HFj4u1HwNf8A iHV9Y8T6ppOmaQtj4m0u6sLyx1K7tdQtkNteS2y2d3bXEoBes/2zv2JZ/ip4V+FmoeP7Hw9P48tP EM3gLxnr3xZ0y08DeNr3Q9R+EOn2uh+G9Yt/iVeXN1r/AImPxr8HXXhzQ7vT7LVry0a4nu7KxW70 I6yAa/x/+PP7IvgjwDZWsvxb8MT6/wDFLUtG8A/DXT9I8fa14ruvEfi7xtr/AIk8G+F7e303Tda1 VTp194s8IeKdBl1a/gXRLTU/DutWd9dxTaddRxgHofwu/aX+CPhX4d+DfDmveOEsda0Xw/p2n6nZ nw/4ruPs15bwKs0H2i10Ke2mMbZUyW80sLEEpI45IB4T+1XrfwQ/an8I6h8MNV/ai1rwP8J/FmhT +HPiL4O0L4S2+tah4n064v7e7kuNG8WeJ/A2p6r4O1kW8LWMGq6ZHcvZK6X+nw2mrW8F+gB9S6b+ 1P8As56Vp1hpdr8RGNrptla2Fsbjw/43ubg29nBHbwme5m8PvNcTGONfNnldpZX3SSMzsSQDx34w 23wK/bB8FfFn4Van4+8SWvgLx34Y+HOg+INX8HL4y8Na80Xh/wAb6p4q1LRbfUbSx03VbS21iztr fSdUkt5I0udK1a8tlkkYzRqAeJ/Dr9jrwF8KfHf7NPiDwh+0z8R73wP+zVofi600D4a+P/B3/Cxr HWPF/wASPF3ivxN8TPik3irxTp934r0r4k+MbDxXfeDR4mj1G+n8L+EJta0fwmmjw+MPGP8AboB+ lX/C0PA//QZl/wDBPrv/AMrKAMzW/iZ4Jm0bV4Y9YlMkumX8aA6RrgBd7WVVBZtNAGWI5JAHUkCg D89fih+x/wDAL4/eKrL4xeNPit8WdE+Jmn+DP2dNL+GWp+E9Z8YaHpHwkv8A4BeOpvi5oGpaf4U0 qK38JePLnWviFdx6p4gX4j6T4stXtdM0yx0ZNLjthO4B5R4d/wCCd/w18Iy+F9V8N/tZ/FSx8T/C 7Rvhh4F+Ceu3Hwr+Hd/H8OvhX8KvCv7Svw70LwTf6JP8ORpXj+/vfh5+1P8AEbRNT8Y+LILrWpNY sfDPiKBYWs9U03WADb+LX7FHhf4geH/2Wfg/4c+P2t+Dvgl8D/2Ofi7+xz8R7xfBGm658Sfif8N/ iLpn7NnhKTRbd9c8A6h4e8MT694P+DPiH+2/GPh9NI1rw9reoaPJoOm3llcXkVgAfPv7Q3/BNiXx ZP4x8ZfDP9p74heMPH/jv4seCfE+rz/EfxT4q8D6xpHw38F3/wC0prul+EPC3xM0b4b/ABF1ew1C x1P9oafwyJJ/DA0S4+F3h2HwjZ6bo2oXNzrd6Ae76D+wJ8H9W8FeJLf4lfFe6h8c/Ez4KeJfhj8Q ovhr4FbQ/h7oGp+Pfhz+xn4F8VT/AAv0TVfDt3f6N4b0hv2M/CUng7StUnuTaWHibWLW9V1tNIis ADS0z9g/4b6d40+IfxJm/as+Muv/ABB8X/FT4J/E7QvFPizw9H4mu/DB+BPxh+LPxY8JeHLuLVdE nTxFpk0Hxl8VeBrlGOkWen+GbDwyfD+m6PfaTPPqABz2h/8ABNn9nzQLez8N2f7QPxSk+HSnSfEe r+C7jwhoMk2r/FLwx8I/GHwQ8JePh4rXwWniDTbTR/Ani0G58F2Vwvh/VfEOhadqkwhstS8U6R4g APaI/wBj34CWnwi+MHwm0z4s+O9Mh+Ksf7N17a+I7fw1Yy33gzxP+yv4J+EfhT4W6/pmlXXhGfQt XiGo/Bfwh4h8R6Hrmn3mlazu1LQjFbaPcRwwAHzV+1F/wT2H7QUXjzxrqP7X/j7xl8WdY+DnjvwD 4RtfHfhaPR/hpofiz4g/CK6+EfiDXbHQdB8H6pYeFfDVxaXU/i+Lw1onhy7lm8ZXmqaj4j1PxTZX 8en2QB6Av7APw2vvHngP4h+J/wBrL4z+I9W0P496P+0r8QNGPhew0TwX8Rfi34c+J3gX4i6H4ij8 GaJ4csvD/hOWOx+HXhbwHqc9pZapqV/4W01ZLXUdM1691nV9WAOP0v8A4Jg/AUeBLfwR4s/aW+LP i8aF8Lrf4GeCtZl8DeFPD954X+EGl/A39qr4K6D4Xe08O+BNP0/XdY01f2vfiV4tn8WarbyanqWp aX4UsLmMWlrrUmugHafFP9hb4Z634R+KEXw9+MWup4o8afDL9sHwvZaT4t0CaHw3d+Lf2kvircft BeBtfk1/TfB1/r3g68+DPxtg0PxD4a8Q6DYarqD2OmW/9o6Zql7awSMAe4w/s3/CyP4B/sr/AAVt viz4j0W7/Zp1zQfE1x4t0zwtc3V38StZvfhh8Q/hV8YJ/E9tqOjSeTdfFzQ/i78StW1PXNMmstb0 Txdr9v4m0y6FzYfZrkA8K1D9iLwroP7KP7UXwN8IfHrWvGnxA+N/7Mfg79lrwT4w+Ing2x8OaP4L +Gfwg8HeM/CfwX0K/sPA3gAW2q33h5PHviS/8TeLtQ0bVr7xLd3sCNo9ppGnWOixAGldfsHfCvUZ 73xjqn7S/wASb3406l4v8QfE6++KK/D3w1aQS/FO++Mf7Knxh8N+Kk8B2vg+PwxDpnhe7/Y/+Ffh c+GET7Nr2i3Xiq81W+bXtXg1WxALnhP9hn4V+Bfhp8RPBPhT9p34x6V4o+JWl/CrT/EHxIttBtdI 1+9/4Vj8efjJ8fbm21C18J+GvDME/h/x/rnxv8XeFvGvhzTZ9Gs7nwky6dpc2mPd301wAX/h1+wl +zr8Of2Zvjr+zBZ/F34h6x4V+Pfwa8H/AAW8S6/q3h+1bW9M0Lwh8KY/hNBqemwW/hSHSZdQ1HSE bUb+G+sriwN9I0UVsln+5IByOpf8E3f2Uh428JeJPDHjbUNB8I+DPG/xD1rQPhBe/Dix1v4V+H/A HxS+IHw7+MPir4X+FfCf9haZYaBo1r8X/A2pePPCd3sv4fDc/jfXdITR73TtK8JL4eAM+5/4J2/C q40LxHodv+1L8UNEsfGumfH34deKdE0D4eeGrfwTafAP9pez+F9v8Wvg/wDDTwPq3hLW9D+Edvre ofCfRfFFpr3ghLCDSPFviLxvqumeHbWy12z0rRwDqdK/YK+Clh8S7Lxxe/tBfErV/DfhX4hy+Pvh t8O7vwXoEej+CP7S/bC8H/tteINFbXIfBi+JvE8GqfF3wqbC3v8AXtSuL3SfB95Bp1k39r2Da7eg Gb4+/YE+FHjzw9F4Rvv2jvHEvhPwh8cPid8b/g/4Y1n4a6NrGj+A7/44z/GC6+MPhXxC8GgaRrXx L8O+Kp/jd4wGl/8ACR6zb6h4ftrTQbZrvVki1w+IAD134wfsr/Cf4s+Nv2Z9fT45/EXwV4I/Zquf hDfaH8H/AAvoU1r8Nta1D4I/EnwT8SvBOor4dXRYtO0O/N34IsPC+q3VtZ3jr4OkXSPDv/COTRTX 12AeORf8E+Pg0PDEPge8/aN+I2o+EB8M7j4OXmk3fgDQHmvvh3o/x9t/j/8ADXTJ73/hE/8AkK+B 9ak1nw5f6x9nI8Z6FqyPrFjBqOnw3UgBp/FP9gX4J/Ez4h+OvHCftB/EvwvYfFrXviPJ8V/CmneC fD2pWXi3wP8AFTV/2fNc8WeB9P1XWfBV7rHhTzL39nLwjHp3ifRrpdbsbbWfEGGkvhod/owBw+s/ sB/B3wtYeL/FEX7QHxP8THQNS8HeJPhV4VvPCnh7S9O8FaX8OP2gfiJ+0fpHg6bUbTwfa3/ie01X xT8TvFPhvVda8QX39pDw2NFazls9Y0251TUgD9bfgciH4QfDklFJPhLSMkqCf+PZe+KAPzV/4Km/ tcfFX4E+FZ/CXwjHj/4fX2neFdJ+JfiP4z6N8IvFXjnQWtV8b6boGk/CrQtfsPC3iDwhoPiLxOy6 nqHinWfFNxZJofheztNM0eG98QeM9Kn0oA/W/Sr6y1nS9N1ezhuEtNVsLPUrVL/TrvS75La+t47q Bb3TdRt7XUNOu1ilUXNjf21ve2kwe3uoIZ45I1APjH9sv9oa7/ZQ+DP7Sv7QOk6Po+v658Nvgx4W 1PwxoOvX7aVoeseLtS8TeK9A8J6fq15C0U4sbrxFq+mxXUFtNBe3sLPZWVzbXVxDPGAfFnwy/wCC kvxx+Icf7EvxJufA/gDw98IP2pfj58RPgxruzwz4u8QaP4e06w+Ifxp8I/DjXY/j3pPjZ/CeieL/ ABWvg74a6L4c8Ban8NNWi8f+JfEHiKSz8TeELCfQY7cA/bOgDI8Qf8gHWz/1CNS/9I5qAPz41L9o r4txfGrVPhR4I1L4SeB/hv8As7fs2/Av49/GfW/iV4X8Y+LfGHj7w18Tda+JmlXGi/DC08L+MvCd t4Xh8J+HPg14mub7xfq2nePV1Dxb4g8OaDb+FYYLHUrm+APEb3/gr7oNrounzR/su/GK68Xa74O0 b4ueHvBkPi74PGfUPgd4m+B/xM/aC8N/EW78QDx02g6ZqF94E+EPjmzvPAs13L4i0/xTa6RYYutE 1u28SIAbvjb/AIKv/DrwtLr2r6n4M8Z+DvCXgbxdp9xq6+ItB0+98cePPhHe/s5fHf492/xH8IeD JPFfhu+0jwd4itfgzf2Hgnx7JN4r0XxHqEGoeHZNM0zV7fXZPCgBw8H/AAVb8VeCPEnxE8M/Fr9m f4o3HjxPjT4g8M+Bvgx8LrbQfiZ460X4XfD/APZo/ZW+MPjvW9X1bwFrXibQfGHiefXf2h7AeEtC 0STT5tTg1aw0HUpdIudGvNUvAD6k1H9vzQ9C+APxs/aP8RfBz4iaR8P/AIY/GrXPgT4IhW88L6x4 k+MXi7R/j7P+zHDqGg6BoWralf8AhjQdU+MMS6TaN4pjs9eXQnbX5NA2iKxuADwnXf8AgsD8L/B1 3pmieO/gP8dPBni3UvgZ4q/aBXwp4i0zw1oesjwN4H8VeMvhn4idLPxHr2hXsd3c/FfQPCfhfwlH qdlpf/CWeFvib4Y+KVj5HgXRfH2peEADvNB/bx8YaF8ffGXwy+M/wwuvBMLWfwr07w34S0/VfDHi DW/CPibWvgd+2D8dvGsnirxdpXiG48O69ot74Y/Zf+z+G5NHit7uxvNftF1m2tx/aX9lgHzL4w/4 LOaVY6v8M/iFonwi8Y2X7OEvhrx7qvj/AMUaj/wieqeLvEfi/Rv2cvhz8a9G+Gngfwzpfi063p+r WGpfFzwRoGoeJ9Y0qTwtqt2NeFtfWWlWula3rYB6n4p/4KdeLtbtvAGifDv9nX4j+EfFl58Tv2Yt E+MF98WYNE8K6P8AC3wT8dP20bX9mDTdXs9G8Taz4W8YfEGy+IFr4X+JOoeC/EXhTQJbbR7H/hF/ EuuaeyXN7olsAePfDL/gsT4n+JsHxVfwP8MPh98UtQ0/9qD9njwf8INE8K+Oz4Svdb/Zg/aS+NWq fAnwT8Q/F1x4qe8gHxHh8UeD9c1rUNG0pLTQ7bQPHvwvkuvsgn1O9ugD1SD/AIKifEGT4S634n1r 9mXXPDXjCz+Hv7fvxUurrS/GngTxx4S8E/DT9iHx/P8ADTUPGet2s/ivwRq/izVPEXiy/wBB0y08 BeHruwvL+4t9duH8RaFoi2GsSgGt8Lf+CnGpJ4uv/Anxn+EviK0l8UftJ/F34P8Awa8e+FbvwdL4 a8baJ4K/bk+G/wCyGv8AaOgx+LtS8T+FdR8FzfHT4Valrd14hs7RPFqW3i660C2hlt9HsdYAGP8A 8FXrO31P4t6/P8A/Flx8I/Anhb4SxeEfE+leJtA1bxd41+KvxZ/a4+OH7H/hzwW3gzSzf3WnaHq/ j34OX+q2fia3n1KWx0CHUbm+0mW/utD0q+APo34D/t06Z8bfip4U+FeofBb4qfBjVvF3wfm+KOjN 8adOg8Can4gvdK8Q3Hh3xX4X8E+HtU8vUvGn/CHTQRX3iPV9KKS6bpWteFtYvNGt9G8T6TqU4B5V 8J/+Co/gb4oeOPh74Rl+C/xL8H2HxhvfhdqHwn8Ua1rHw9v9P8WfDz4x6d+0rqPgXx7fWOheK9R1 Twst1D+zB4zGqeGNctode0ttc8NI8M8zazDpIB5haf8ABZ34U6t4b8T+NvD37Pv7QfiTwV4Q+C2i /FPxB4l0Tw3ptzpWleJNd+AfgX9o7T/hvqetS6hB4V0q/vvAfxE8N6LpfiPU/Etpo2peP7lfDUax 2dzp+uXoB9X/AAd/bd0z4o/HO+/Zn1n4T+Mvh/8AHHwnZ+LtX+KHg7VNd8Ga/bfDrw5oHhr4P+I/ Dvie/wBb8O63eWus6F8RT8Z9E0XwVeaTDKdQ1rwr8Q7SeO3/AOEO1J6APk5/+CyPgGH4feIfHd98 BviFos0Hgfw98VPAHhnWvGnwxXW/il8NNY1X4xaNe6x4XttD8Sa/cDxRpd38CvH163gKa1fxBL4e isvEt2umaNY+NLvwaAb/AIy/4K6+AfCvw2+JPxlT4KeOrz4Z+APFZ8N6Zql74w+HOl+KviRDofwg i+OnxD1LwD4AXxBqPinUx4F+H19pNzeW17Z6elxqNzqBvbzRvDujXfiVgC741/4Ku6L4O8X+PdIH 7M3xg1zwT8PtW+McerfEiw8UfCK20q78Mfs6+Mfhb4S+N/i2w8P6n47s/FMlt4Yb4zeA73w5o0ul x654zMuv21nZWC6NFd6kAYd5/wAFXbzxRqml2PwY/Zh+JvjDStT/AGmfAfwH03xp4xni+H/gbxPo viH4qePvhB4o8R+GPE+r2TaXdeKPD/irwFNd2XgdriW+v/C+u6Rrt7d6ZcQ63o2kAHSfDX/gqvoX xkTwKfhl+zJ8eddX4t/FXwr8P/hHqes2Wg+CPC/jjw74o8GfG/4gS+Oo/FnjG/0bRbceGPCXwE8V 6z4p8Jabca94h0+28ReAIrWPUL7xJPZ6SAfrHQAUAeXfGz/kknxE/wCxU1f/ANJmoA8I+FvjT482 Pw68G2fh74GeGdf0O28P6dDpWt3XxmttEudUsUgUQXs+kP4C1BtNknX52s2vrsw52meQ80AZHxY+ LPiaLQX8J/HD4IfAW18NeLEMbeHvif8AtIeDLPR/EcemXdneMg03xP8AD+G11VLC9Gn3LKsU4trj 7JK2yQxEgHqSfEL9o+VEkj/Z48ISRyKrxyJ8e7J0dHAZXRl+G5VlZSGVgSGBBBINAGNZjxx4+13x bpXxJ+CfgrybnQfAr3PhXVfH1p4s0e5h0fxH4i1rRNVllk8EQ20lzb63ai5t7WSxL2F1pVpfx3Ly TRpbgECfs9/DePxj4F+IKfstfBBfG3wx0uPRfh34nV9GGseCtMgk1WW2tfDN5/wgnmaOLOTXtdax lsvKnsjrmtC0lhGq34uAD3P+1/iD/wBCToP/AIXE3/zJUAZet6t4+bRdXWXwXoUcbaXqAkkXxtK7 IhtJQ7qh8KIHKrlgpdQxGCy5zQB4hqHwQ8C/FKT4S+PviH+zb8G/iF4y+HOh6JJ4B8Z+L20fV/Ev htI49O1O3bSdQ1DwRe3mnRrqVpZ6zFZR3Ulta6xa2upQj7faQXSADPC37MPwe8EabPo3g/8AZE/Z 98M6Tc33iHUp9O0Sz8N6dZSXnivwteeB/EUpt7b4fxxBdW8Fahe+D7qBVFufC11N4eSJNIc2lAE+ nfs0/CfSb/VtU0/9kz4CW9/rt5aX+r3Ig8PySX9zY+HPEvhC0Nx53gGRWht/DHjPxjocdqFFqNO8 WeJrfySuv6r9rAOds/2PfgHp3hfSPBWnfsZfs66f4U0HxW3jrR9DsbLw/Z2On+MZdG0zw5c+JrdL bwFEy6ze+HdF0fQNRvy7T6loeladpF+9zp9lbW8YB63qnw30vW/AniH4Xax8AvhZqfw48W3fiPUP E3gW+1PTrnwpruoeL/Ed/wCMPFGoapoUvgdtOvL/AF7xbqmo+J9TvZoGurrxDeXGsySnUZDcUAef J+y/8Hk0uPRH/ZG+AFzpcenjSfsd/b+H9Rjl0seF/Fvgk6dcm/8AANzJdWUnhHx9458OzWty80M+ leMvFFpMjx69qgugChc/slfAy98Hr4Avv2N/2dr/AMFCTw3MfDN9YeG73SJJvCEniOTw1PPaXXw/ lS4uNHPjHxetrPP5k3k+K/E0EjyQa/q0d2AP/wCGTvgb/bd94jP7Gn7N7a7qfgxPh1qGqvo/hOS8 vPAaeErbwD/wiFxK/wAO2Mnh6XwNY6d4OudKYG0u/C+laRoNzHLpek6ba2oBBP8AsjfAq7XwMt9+ xz+z1qJ+GkFxb+AZtTttA1O68JRXPiH/AIS6QaLd3/gO5urR18VFvEsEqzGW116WbV7V4b+ea4cA 63xJ8Avh74w0PS/DXij9l74Ja5oGheDNI+HWh6RqL6LPY6L4D8Pa74Y8UeH/AAfpEDeBNumeHdB8 SeC/COv6JpNl5FnpOs+GtD1LT4re8020miAFsvgH8PtN/wCEyFj+zB8E7VfiFbfEmz8cpDJoyR+K 7L4x3OjXvxZsdcjHgTy9QsfiVfeHtEv/ABxZzq1t4ov9MtL7WYru6iE1AHMTfsnfA64uviTfT/sb /s6SX3xiimh+Kd62m+GDd+PlufEUPi+5k8UXP/CvfO1W4ufFlrY+KLm7uXe6uPEem6Trk0z6ppOm 3VqAPH7KfwTXSk0KP9jz9niDRI/At38MYtHtrDw1a6ZF8Pr3xi/xDl8Hx2Fv8P4rWPQI/H0k3jay 09IhDp3iy4ufEWni11a5nu5ADpvB3wI8DfD7xRpfjfwT+zV8IPDHjDRPCUXgPR/E+j6jY2mu6X4P iaFv7AsdTTwV9rtbCY21qLtIZUkvltbVLySdLWBYwDxeH9gn9neHxf8AEfxX/wAMk/BWa2+LGmeB 7Txz4Jnk8OSfD/WNY+HvjT4gePvD/jWTwr/wrkWg8bDxB8S/Ez3niBpHmms5be0iigT7Yb0A9IX9 lr4Nx3rX8X7If7P8Fw/gLTPhbL9ntvD8FvP8OtF0iz8PaN4NuLKHwClncaBpHh3TtP8AD2l2E1vJ Fp+gWNpoloIdLtobRADqfDnwkk8MfGz4oftA6f8AD7S5fiV8W/B/wz8A+J9Vu/HcEkUHhD4TXHja +8I6JpCQ+BLe6trVNU+IfivVdRN3d30t7e6hH+8itbGytoADwH4c/wDBPj9mr4bfDAfCWx/ZC+CX ifwzcanZa5r1343fw14k1/xdr+nf8JGllrnizVp/hxC+t6nBbeMfFtiJp4ljew8U+J7OWKSHxJrq 6gAeteJv2YvhB4z8MQeC/Fn7I37P/iLwjb6/P4oh8M6vaeHb7Q08Q3fhuHwde6t/Zk/gB7Rry/8A CVvb+GNQkaJhf6BDFpF4J7BFgAB0998FvBupw6tb6j+zV8Gb6DXYPG9trUN3No08WrW/xMvvDmp/ ESHUUk8CMt5F441Hwf4UvvFaTiRdeu/DmiXGpC5l0y0aIA5m5/Zk+Et4fG5uf2T/AIFzf8LJ8T6N 418dKz6Rs8T+MPD3iJ/GGi+KdUjXwMI5fEOn+LZJvFMOsIqX58R3FzrklxJqdzPdSAGv4Q+Afw/8 AaxP4g8EfsxfBfwprU/jCf4gnUtBudK026h8b3WkeKdBufFFm9t4Gj+wa1caN448aadNe2It5Zbb xb4lRy39uambkA9t/tf4g/8AQk6D/wCFxN/8yVAB/a/xB/6EnQf/AAuJv/mSoA84+L+p+Npfhf48 jv8Awlo1nZv4Z1Rbm6g8XyXk0EJt23yx2reGbUXDqOREbmHeePMXOaAOs+Bv/JH/AIcf9ilpH/pM tAH58/8ABSrwHe6lN4D+Jfw88A+IPip8ffBPhLxloXwp+GWo/s5Wvx5+EHxAbxV4n+Ht/rPhn4ha pqvhe/0r4XTXTeFtO+yeOT4y8E32j6O2vXcd1qlpFd6fIAfqZpX2k6Xpv22zg068+wWf2vT7WRZr Wxufs8fn2dtMiRpLBay74IZFRFeNFZUUHAAPhT9u5Pjfc/AT9p3Sv2cLbxVcfGzxJ8HvA/hDwDJ4 Iuraw8VabqXjLxt4g8LXuu6PqN3pWsxaZP4e0jV9R1yXVVsDc6Va2FxqVnd6dd2sGoWoB+Zvwj0v /gqMfHP/AAT31n4q+CvjxqfgfSvjt498UfFS6tfiZ4VsbtrT4z6z+1Nqmsj9oPwjpdv4RubjwT8I fBt18ILP4aaE3h3/AIRnTdT1XVdMhhTXIPh3p2mAH9FlAGR4g/5AOt/9gjUv/SOagD8Iv2rbP9rK 1/bN/Z+8U/BjTfjbq3g3Qfhf+xZc2Wj+CtN/aBPgvxE6/G74y2n7QGizeJ/CWqp+zX4YaL4Y6p4I 134lw/Hzw5rWq+KPBmj6BoPw0vNB8YXGkatagHV+FdX/AOCld2nwVh1XXfFun+P/AIxfDT9hyX4v /FZvgJbJZ/Cm7+Isn7X/AIr+PvhPTfh7eX0vgTQtQ+EM+n/CDw1car4g0/UfEejt4h0WTx1ceJI9 Q0jTIADi/wBjb9uv9q74wftp+A/gv8evEFp8MrPT/hrpGk+NPhddfDD+yE8afGn/AIZW+B/xf8U+ G9N1RvDus654P8Z+DfEvjT4k+JPFuia9440fTLXwpp3gzw7peh3Osxa3faqAcfYr/wAFIPD+p6T8 RNG8YfHvxr8Rfgxpn/BQO28Rad47+A32nSfiHaQ/tp/s93fwb+Emn21ronhrRNa0Lxr8DbTVvFHg T4g+C/7Y1uHw8fEGjeEvEtraeGdY0i2APrn9n34j/tvfFbS/20NL/aNfxB8KNLs/CvxO0TwDZ/Dv 4U/EkfFT4X63F4o+K/h/QNb+E2t33wo8OeCPi4j/AA8svAni7wlF4R8Z/GLXNS8YCO+l1PStP8T6 Z4S0sA/Py31r/goonw/+D+n/AAf+Bv7Q93o/7HvjDxZ8cfEnilPGHx2+HcX7YGm6F4y8HaboWnw/ Df8AabvfEnxx1CH4jfCm2/aRsNb/AGcta1m/GifE/UfhV488OajeaFqngm5vQBnxg8P/APBTe58N ftg/CjwLF+1G/hL42fF39pT9p74e/EywvfGlr40+F3hn4NfFz4h6N4Z/Zx+HmoteQ+LfDel/HWPS v2YfE3wu8KaCLWw1H4b6z+0J/Z9vDaQSxSgH3h4k8QfGrxn+wP8A8FFvhRZeG/2iLj9oTw/d/wDB QOPwLHq/w2+Len6tr+l+MfjN8fdR+AFv8HPF+taPpGjfEe0k8CTeDU8G6d8NfFOqJpOjS+HdISXR llsI1APIdD+KH/BRfxJr99c6HpXxJubNtSk+Hvw6+OXjX9m3xH4G8Tah8P8AxN+1h+xR4b17xr4x +BGq3eheHNC1zwn8PPGX7TNxoUmveFtE1DU/A/wssviI8aaG2rXGuAHmHxH8f/8ABSP4geKPgp4G 8ceHvjLbw+CPi38M77Hgb9njxFp3h/416J4I+PP7RXhXxn8S/id8QfDjR6f8JvL8EeA/gl4rh8C2 uraRpPijTviLPqmjaJreheIdOn8DADte/ak/4KSfs/8AwJ8RfFzxloWo6R4T8K/BXX/DWn+CfFvw aurS18C+KPDn7Hv7PHjbwT431HxnrWq3HirXta8QftGeJ/iZ8KU03xRqN/puqanaJ4ea01DxNoF3 PqoB9X/Bj9q79oLVv2VvgL8ZpNS8W/G/Uj+1v418C/tGw+DvgpqviD4ieC/hBY638XvD9h4VvPh7 4H8D+HNUv/HHgTV7f4R6D8QfEfgrwXc6SdXPifW9K8/wYDq0IB4b+zd+13/wUN+JPxs8M+DtX8M6 prPibw5p/wAHNJ+Mfwc8WfA/Wfhb8M/B7eNf+CfPgn49eLdf8b/tE2Hh7xefAvxI0z9pjxP4f8CR /DGPSdZ1XTvCniy6YeCtcgtIvEnh8A63xj8Tv2+vAXjT9oCw1HXvjhp2ia/+1B4YddZ8Efs4al+0 NY/BH4Nat+xxpvizw/a/ACDTPhrpLfGLwz4j/ac0W9+E3i/VrrRtU1PwXFaya94o8PeANR8fHxZZ gFf9sf4p/wDBSXW/2T/BuiTfCnU/hd4n+K3wB+INr8RdW/Zy8I+LP2jPiLbfFvUf2bLjUPDvwx1D wHY+E7SX4OaR4r+L+o6v4WbxvpHijx5beHm0TRbd/iT4Tudbt9cYA8s+Jnxg/wCCjt9rHxI+G/gX SP2lPhr8Ovh34N+DWo2/jPS/gS/izxhpt/8ADj45fshaf41f4cXSfDG/0/4maR4++D/jD49eI7/w wPFXxW8deJLf4fajY3Hhr4f3C33hTWwD7x/Yy+Kv7aHxA+O3x50z9obSrTw58NtA1Lxxp3grwxf/ AA0+IvhrV9Oi0P4ra7oXwy8QaB431L4VeE/h34p0L4gfCC20bxf4nstM+JHxL16w8V3yNDb+BbBr /wAHaSAfprQAUAFABQAUAFABQB5d8bP+SSfET/sVNW/9JmoA8J+Fvws+Imr/AA68Ganpn7RPxK8N affeHtOubTQNM8OfCe607SIJIFMdhZXGsfD/AFHVJre3X5I5NQv7y6YDMtxI3NAHknxb8feJ/hb8 RvDPwf0743ftO/Fj4qeJvCmo+PU8DfDPwN+zZLqWi+BdN1e08Pv4q8Qap440DwT4a06y1LX7tNC8 P2H9tza54h1eO5tdJ0u5W0u5YAD6RtvhD8U7m2t7g/tPfF+2M8EUxt7nwl8E0ubcyxq5huET4bSI s8RbZKqSSKsisFdxhiAY8emXfwxvfiR4l+I3x98VN4f8JfD/AEnxd4k8c+JrP4caNb6F4Y0qXxne 6nJqUlh4Ls9Mg0jRrXT73U5Lp7VblBcXZnuJYUt4oQCv/wALz+DT+K/Bnga3/afa/wDGHxB1PxTp HhHw5pUngzVtW1W88E+K9V8CeK2e10zwVdvpljonjbQ9Y8I3erat9g0r/hJtNvNDivZdShe2AB7x /wAIlrv/AEUfxj/4C+Cf/mPoAy9c8Ka2mi6w7fEPxfKq6XqDNG9r4MCSBbSYlHKeEkcK4+Vijq+C drKcEAHiSfFb4W+CNEh07xj+0nbeDr/wvp3wQ0zxFpms6p4A00+H9Q+OmrJ4L+D2nXY1LwwZom+I Xi2C48M+D/Pmlk1jVbS4s4pZri3n2gHq/hS80zxzHr83g/41a34ki8LeKte8D+IpdIPgW8i0fxf4 XuhY+I/Dl9JF4QZItW0S9Js9TtCTJZ3ayW04SeKRFAOV17w58O/BHxD8HatrfjT+w/ij8X9Wufhp 4S8Sf8Id8PB4x8Y6hpHhDxL8Q5/CbeKLP4dyao9pZeEPAXiLXktdV1KHTFg0ExQk3f2K3lAOj8Ka npfji/8AHGmeFfjH4o1m/wDht4xk+H/ji2gsPCkT+HvGMPhvw34vk0O6Nz4IgSa5Xw34w8N6qZbN rm0MGrQILg3CXEUIBrQWz3PiPU/CUPxU8YP4h0fR9G8Qalp/9m+E1NtpHiG81yw0e8+1P4JWzlF5 d+HNah8iC4luYPsRe5hhjuLV5wDL8E6hpvxG0i917wV8YvFOv6Rp3irxv4Ivb220/wAKQR2/ir4c eMdc8AeN9HdL3wRbTNP4f8YeG9c0O6lSNraa50+WWznubR4biUA67/hE9cyR/wALI8YZABI+y+Cc gHOCR/wiGcEg4PfB9DQAv/CJ65/0Ufxj/wCAvgn/AOY+gDyn4q/EHwd8E7bwpdfEr40+N9CHjjxO 3g/wnbWXhXT/ABRqet+IIvD2v+Lry2tdI8JfDfXdVW00rwr4W8R+JNc1iezi0bQdC0XUdW1nULGx tpJwAO8QfELwH4X8AeN/ijrf7Qep23gT4a6c+qeP9dgXwbqI8HW0fh3SfFzxeItN03wVeavpeojw vr+h6/8A2PdWEerHSdZ0u+FkYL+1eUA9G1PwBc61p17o+teNvEOr6TqtrcafqWlarpPgDUdN1Oxu 4nhurG/sLzwXNaXtpcwNJFcWtzDLDPCzxyxsjMCAcJ4Dtvh4tnovg74YfGPRY9Pi0fVtR8OeFPAE /wAIIrGLQNB8QSeHNevtE0Hw54VW2j0fR/FTy6Fq9zYWgsrDxC8um3kkWpM8JAO9tvAd5aT395Z+ OfEdrdavcRXmqXdrpXgGC41S7hsrbT4LvUbiHwYkt/cw6dZWVhDcXTzSx2Nna2iOLe2hjQAxdElt fEPhr/hMNK+L/iiXwzs1WV9ZurPwfplpBDol5e2OrXFydU8FWb2tvY3On3qz3FykUIjge4WRrcrK wBq6RpU+v6Vpmu6F8WvEOtaJrenWer6NrGkv4A1HStX0nUbaK80/VNM1Cz8KTWl/p9/aTw3Vne2s 0ttdW80U8MrxyIxAOIvvGfg3T/FHhzwXP8ftSl8VeLPG+r/DXRdEsW8D6peyePtB+H2pfFfV/CWo Lpvg67TQ9csfhzpN54wmsdcfTpToxs50DtqWmpdgHpH/AAieuZx/wsfxjnqR9l8E5wc4P/In98H8 jQAHwnrg6/EfxiOQObXwT1JwB/yJ/Uk4HqTQAf8ACJa7/wBFH8Y/+Avgn/5j6AD/AIRLXf8Aoo/j H/wF8E//ADH0Aeba3408GeHfEuheDtW+P+ow+KvEfjjT/htpfh63fwPqOr/8Jzq3gfxD8StL8N6n Y6d4Ou59Cv8AUvAfhXX/ABVYnXE063u9IsDcQTSfabNbgA9J/wCET1zOP+Fj+Mc9SPsvgnODnB/5 E/vg/kaAOK8a6zo/w6HhRvGnxm8T6APHHjXQPh14UN1p/hWb+2fGvil7hNA0C3+yeB7gx3WpPaXI imufItI/KYz3MQwSAbfiS0k8I+H9b8U+Ifin4w07QfDmlX+t6zfnTvCV0LLS9LtpLy+ujbWXgm5v LgQW0UkpitbeeeTbtiikcqpAOR+LvhvV4fhb46upPHfinUoI/C+qTvZXVt4TW2u41tmcxTtZ+F7S 7WJ1++YLmCULkrIh5oAv/BbxR4ZtPhN8Pba78RaFbXMHhXSY57e41fT4Z4ZFtl3RyxSXCyRuv8SO oZTwQDQB8Afts/sX6f8AtI/E/Vvif4Q8W/AG91Txp+zhr37NmuQ/F2W81D/hXcV74pufFPhn41fC 2fQJbiVfiT4Nu9W1kafY3baGk8p0y4tfFOjeRfxagAfpZ4Q1Pwv4W8J+F/DNz8QdN8RXHh3w7ouh T+INX1/S5NW12bSNNttPl1jVJBdESajqb27Xt64JD3M8rAnNAHyn+198GrL9rX4S/Hv4A6N498M+ G4/in8Pfhp4Zv/El5beGvFNhaaND8QtX1XxPanSta07xBo91fXnh20v7OxF5pk5tL69sb5GtZIor uIA+BvgN/wAEu/iV+zx8QPgp4i8A/tAeDtLsNBs/hcnxb1zw1r/iv4bX1yngD9or48fHrxn4Y8Of Cn4YDwh8F/H/AIV+Nem/HG/+GWuj4leG4rv4e6TpT+JvCsOqaze29tpgB+7H9s6R/wBBXTf/AAOt f/jtAGTr2saS2ha0q6ppxZtJ1EAC+tSSTZzAAfvepNAH5Lftc/8ABPlv2v8AxV8L/Fln8UvCvhLw Td/s86t4E+LHhnUhdXOp+IvHfg/wr4wvf2SfHGjSWVxFbWtx8DPif8VfH3xAuBfMbifUo/Dh04LN ZzOoBwnhf/gnH8VtL8YfATxX4k+Lvwa8UeJvDn/ClfHXxT+J8sviqw8eeBfjN4Y/aP8AiT+03+0l rX7O9jbf8SmHw5+1j4g+JmpfDPx5H4ov9DvbD4caVptrrFt44tYrDw7pAB5+n/BMj9pTxB4MsfCn ij9pP4S+HL7wT8IfBPwR+HvizwVqHxAvNaOi/Dr9l/8Abo+AGl/ELXTq15YT6Z408W6r+1V4Q8Re I9P8O6iiaVpXhPW9O07xPqWpLo2quAfQnw2/4J/3Gk/s5/FX4JeKH/Z78G6T8Xf21/g9+0trHwz+ FFx4oPwk0L4Z+BvFv7N2r+M/hJYf2xb6Pqupr4u0P4LeJtOuM6Povhy+l8WpZ3GiWGitd2KAHld1 /wAE1vibptj4Es7T4h/Ar4neEPh5/wAIhpVr8B/irqXjRPg54x8I+EfiF+3prHhbw14ljsLbXbm1 0/4aeFP2qPhFc+ALNNC1ixh8SfA+y0+S30yyt/Cuu6GAN8O/8ErtVbx14il+J3xK+E3xT+FXjf8A an8ZftGeIfB/iU+J7m40fw3r93+11LpvwI0G0lvpNDvvhTZ6p8ffBvxOXRdUggmh+KVt8TdT1W68 V2et+FW8PgHnF5/wSx/aM8R3Wpw+LP2ivgzcW97+x/pf7Mt/4k0RNV0XxX43lh+HH7NPhefUPiHq mneHLHxn4qfTPFPwb8e67YeKPEnxK8TX82n+OtJtNF8MeB7rSdbufEQB1fjD/gkrqFtpnja0+Dnx O+GPw3g8W+JPjHqeseH9HnvtM0Pxt4I1/wDbB+C/7Qfwf+DvimK+0jxfodp4B8GfDLwH8QPhMbA+ DfEvh7w3b/EK/g0fwVrvhfU/Emg6sAe+/ED/AIJ52Pjr4A/smfCv/hJ/AUPiT9mjTPjcuma34y8R XnxJvtC1P4pfs9fGf4XeHV8G+NLnw34U1WO08D+OfH/gnxFpM9v4Z8KR6boPgTS7PQtI0ufSNDtb cAybX/gnvqun/AD/AIKEfBTS9d+A+max+2R4M8L2ek/Eq0h1aDXbnxXF+zT8Pvgr4og+KdvZWNjq Gp+HofGXgjWPHWi6lpXiO91vUF+IviYXdro2rwvqGsAHiXh3/glx8SrT4n/Cf4gax8UPhjo3g3wt 8V/EnxDHwE+F3jzxD4P+HfwH/tD4q/DDx/YXPwF1zWfh34t166udYt/h/qJ8eaPZWXwZXXr7xZrW i23iSz8I6lrmlayAcrb/APBIDxBoGha7ovw+8Tfs0fDPWb/4Nftb/BHSviV4H0u+0TxtpmifGL44 wfGL4b+JoPsvhuNbbUdV0C51/wCDXxY0ODVWt9N8F6pNfeF9c8QrdT+G0APsn9kH9gvSvgJ8WPC/ xb8Z6r4G1S/8HfBzXvAXgjQY/GVx45T4Z+KPGPxo+LPxE8aal8P9Sm8D/C3w14f8O654Y8faT4Zt dL8N/DfwoNDsrTU/DmmW8fh2QC9APnnSP+CUus3Gr2mveN/i78NfEuvRav4a0uTxBef2/q2pQ/Cy dv2tLL4peA7ePVbxoJdL+IOiftC+FtP1nSJimla/H4NNvr/2iHTvDjWgBL8GP+CanxM+HnjT9l/W b7xv+z3oOm/BHw7+zFps+s+BL3xjD4r+Hdv+zxYeONN8cfD/AOClq+n6Docfw8/aol8RW2u/GFdb /se7t77XfGdpqGmfEGWPwlrWhgHXfEn/AIJgeG/iT8UfjPrOsQ/s8zeAPid+074x/aTbztPvF8We IdS8ZfsR+Nf2b4NG8b2dpptvp11ceBfiv4hj+KfhnWU1vVDdRa34iuzY6L4ktra51MA7D9j79hL4 ifAL9pTV/jp8VPjdp3xX1C/8BQeH18Wp8Qb6216+nvfh58GfCeqeE/E/hO68Ci58U+GNA1z4Z6pr XgnWtf8AizqaaPFq6yWHgHRte1TxNrWqAHy/4j/4JLfEyy+Cms/C74efFb4BQz+Pvhz8NvDnxXbx RplxqcHjD4ieFdU/atvdY+LVtqfijwx8RI9K8bAfGv4Ux6f4o/4Re68XXXh/4YXngvTPEfgaKTwp 4n8NAG3r3/BIjUvFFv4u8Q+I/iv8Mtd+LPiLwX8e7G3+JOpXni+bXYviD40+F37O3hT4HeNrvUG1 F72S6+DXjn4S+N/HWhz75brw7q/jeXXfC623iPUdevrgA+ifg5+yp8Z/2cf2lPjJ8eND17wr8Y9T +NfxZ1e2bWNW+KaeH/7J+D3xR+OulfEbxLdePPBaeBNMfWNd+A/w4tdT+H3wcv2+I3xFvJYk0jQd G0L4eeEdf8S22ngGX8Wv+CavhD4t/tT+P/iz4nsP2e9c+F/xL+Nvwa+NfjHTta0y5fxz4kk+Gn7M /wAVfgHfeAvEcNvYjSNd8Oy634q8I/ELSb291tlku7fXtM1HQs2+n6hfAHzb4u/4JX/tF+N73QYN c/aK+DYs9K/ZK0H9nDWfE2mjVtK8Z+OTD8CfhV8O9cXx1rmm+HLTxv4ssv8AhZHgXxF4/wBN1/xD 8TNW8vT9f0PTdM8DeGde8P6l4l8TAH058Rv+Cf8Aqeq/s4R/AnwnqvwF1/w74X/bju/2nvA3ws+I T6/a/B5fhOPiNrXjuw+Bt/Z6La6pd6LpYTWru0EGm6JqvhawmmkT/hHtU0bzdIuQD5c0j/gkj8ZN Mt9dttT/AGl9A8UapqH7LeqfBvwf4wl8d+INAufhbr+p/s2eL/gd/wAIJpWir4O8Q+KvF/wM07X/ ABKvjbQ9Lvfi54YNhqcVrr2qeC/EPi/QdG1xQDvfjZ+wr4/+HureKfjf8NfE3hvVvEnjf44/FPxV 8ZH8MeI9Q0bxN4o+FXxM/bO/Zy+NvhC31671HW7C313S/gp8Kvht8R/DM3hpHuopIfGurad4U0a+ tte1601EA/UP4TfAf4JeIfhp4H1zXvhH8N9Z1nVfDmm3up6rqfgzw/fahqF5PArTXV5eXOnyT3Nx M2WkmmkeR2JLMTQB80ftrfDyH4ReD9F8W/BL4e/sl2Go6lqVp4I0D4f/ABD/AGepPHPib4p/FPxd f2unfD7wd4MvPD3jzwBa6L9uuvtj67eajZ6xBpOiQah4nvJbTSdB1HeAfXfhT9m34Rjwv4bHjb4K fA6TxmNA0ceLpPDXw90WHw5J4nGnW/8Ab76BDqNjNqEWiNqv2ttKjv5pb1LEwLdSyTiRyAeR/GvX fgr+yN8Pvj98ZZfhDo174U+Fvwj0rx7c+C/A3gnTptT8RatBfeL7a20/S9O0/SrkLqWuXUOlaVLq JtJIrO3WO9vz9isJGQA+PfB//BT34GeOfjL+z58JdE/Zm1DT5v2g/EvibQfDMvjHTNK8F+L72x8O /F/4zfCi+8TeEfAPiHwraX3i3RvCcPwefx58Vhcat4a1DwD4R8beFDYWfjDWX1LS7EA/X3/hBfBH /QneFf8AwntI/wDkSgDK13wR4Lj0TWJI/CHhdJI9K1B0dfD+kqyOtpMysrC0yGVgCCDkEZHNAHw9 4o+NWsfDv42fAP4HQfss+DfF/hX4p/CvxJ8RG+KsXjDTItX0rw58KLX4bp8T52+Gdl8M9e8Q+Ite 05PiRoU/hrRNH1a5vfGEyX9tG+mXKQLcgE2l/t3/ALBmrRxtBdNDNBo/xm8ReJbO8/Z/+I1tefDz w9+z7ZaDqHxe134nwP8AD0t8OtK8IWvizwi0l54vOkx6xL4s8O23h/8AtW51W3iYAp6D+37+wJr/ AIk8OeDUvDo3i/xN41l+Hlv4W8VfAP4geFtf0nxcfHEXww03S/FOl674Bsbrwt/wkfxMl/4V74Vu 9eSwsvEvjCC90bRri8uNOv8A7MAcL4B/4KOfsfeNvDfhDxle/DbxV4R0b4heGPAWq+CPCur/AAF8 f6v8ZfEPiH4g+JPjZoOheG7H4T+Efhv4i1O+t9Si+BXjLUdG8Q6Lq2sWWpR2V6lzb6Xb2tpfaoAe 7+CP2s/2LviV8T/AHwk8Ay6f4r8T/E/wtZeMPBmoaV8HPFjeC9R0rUvhj4f+M9lbXXjy48FweEtI 12b4XeLfCfjM+HNX1ey1yHSvFGhLcWEV7qMNqQDD8UftpfsU+Dde8W+EfEGm63beNfB/jTw94CvP Atr+zV8VdV8ca1r/AIt0j4oa34Wk8IeEtJ+Gt7r/AIu0PxBp/wAF/ilPpviTQLC/0GSPwbqE0uoQ 21zpc9+AYGl/tr/sr+OPjp8A/gp8I/CemfE1fjbqGpwTfEHS/h34g0v4f+GLSL9nSf8AaT0SKDxl qXgOPwd4j8Vat4G1DwPqF54GtPEtn4o0DRvHWlazqdgn2a8sEANDUP26P2ENMfx1HeTXKSeAdUvN DvIo/wBnX4pXE3i3WdM+O2l/syaxpnwtht/hrLL8W7vRPj3r3h/4X60nw2TxQumeJNf0VLx4rLUb a8cAn1H9uH9g/Q7rxFD4n1Ow8H2HhVtVGteJ/GXwS8ceFfBMC+FfH/hT4WfEa4g8b654EsfCl7Zf CD4i+N/C/hH4z6hZ6xPYfCbVdTkPj250G00vWbrTwCjqX7bv7Gkvhmy1nwinhnWdY1PXtO0Sy8M+ Jfht4y8C6hEtxqnwLgvdR1uDVfhpd6v4csE0X9o74Pa3ot5rGiW1h4h/4T7wtZWl9ANSuLzTwDJf /goX/wAE+R4X8Q+Lob+6utM8PLZXQtrf9nD4rNrniXR7yx+K2pt4n8C+H5PhnFrPjrwjYWPwK+M9 1q3ivwpZ6t4f0yD4ZeK5rzUIo7W1e8APufwnpnwx8beFfDPjPw94T8O3GgeLvD+jeJ9DnvPCFrpd 3PpGv6dbarps11pupaZa6jp1xJZXcLz2N/a217aSs1vdQQzxyRqAdB/wgvgj/oTvCv8A4T2kf/Il AB/wgvgj/oTvCv8A4T2kf/IlAB/wgvgj/oTvCv8A4T2kf/IlAB/wgvgj/oTvCv8A4T2kf/IlAB/w gvgj/oTvCv8A4T2kf/IlAB/wgvgj/oTvCv8A4T2kf/IlAB/wgvgj/oTvCv8A4T2kf/IlAB/wgvgj /oTvCv8A4T2kf/IlAB/wgvgj/oTvCv8A4T2kf/IlAB/wgvgj/oTvCv8A4T2kf/IlAB/wgvgj/oTv Cv8A4T2kf/IlAB/wgvgj/oTvCv8A4T2kf/IlAHmvxj8H+EbL4WePruz8LeHLS6t/DGqy29zbaHpk FxBKtuxWWGaK1WSKRTyroysp5BBoA3/gb/yR/wCHH/YpaR/6TLQAvjL4NeBvHvxE+EnxP8T2eoX/ AIn+CN/4v1f4fouq3sOi6frHjXw3J4S1fWL/AESOQafq2qW+gXN9Y6Ne38M02irqWpSae0Et7M7A HqlAHzn8XPgv8OP2hV+I3wh+Lnhy08XfD3xX4S+F8viHw5fqsllqq+HPHniDxVptvdxukiTWw1fR LCS4gdGS4gSSBxslagDwjwv/AMEyP2TvBGufDXVPBfhbxL4S0n4Yt8NLrT/A3hzxbqWj+A/EusfB rx940+KXwo8QeMfDdkIoNX1vwL8Q/iF4v8WabeW8unrqmpaxIniaHXbG3tLSAA/QOgDI8Qf8gHW/ +wRqX/pHNQB8/eJP2dPhb8bNE8C618QdL1XUL3T/AID/ABJ+DcDad4h1nQgPAnx98N+CNM+JNiJN GvLK5i1DUrPwVoKabrNtPBqmhyQTz6VdWs9xJJQB8ywf8Esf2fPCnwe+Mnwz+FWo+LvBPiD4wfBr 47fB298f6tqk/i240yx/aA0XwBo/jLWD4XFxoGgzyqvwu8EPZ6fpaeH4LODTby10ubSzqdzcUAcv +y1/wTH+GHwpj+GXxA13xhrHiPx98PdRu38G33hfTP8AhDfDGkfDlfFc3jrwx8J59B17WfiNrmse HfCfjnU/F/jCw8Q6v4xvfHN3q/jzxXZ3XiU+Gbqx8PaeAe7/AA//AOCeX7N/w21/wL4l0DT/ABxd an8MtY0HU/AJ1zx7r+r2/hiy8J6r8cdV8JeGrCG4nAl8M+GX/aI+JllpGm35u5I9OvtJtbq6uhol g8YB4B8Cv+Ca+g/s8ftj2/xs+GnxPutJ8IaX8OPB3guD4ez+FbzU9evvht4K+CPg74EeEfhvrHj/ AFjxvqVhceHNEvfh3onxMOqaX4A0bxxqviiG303V/F994ehuNPvgD2X4bf8ABNL9ln4VfEG++Jvh XQ/GX/CV3fj+D4jxXOqeOdb1G3sNctIfj7DZ20EUkiyXmnW//DTPxelB1qbVdUuX13TlvtTuofDu hxWIBp/Cj/gnX+zh8FfiB8PPiF8P4PiNpdx8LbXSz4N8I3HxL8VX/wAPrDxDpvwN0r9nCXxxc+Dr m9fS9R8a6v8AB7QdB8K6trd8s/ntpSazb21rrepa5qGqgHG/Cb/gm18GvB174g8TeMfE3xE+J3ir U/i/4z+JugXmueLvENl4e+Haaz+2QP2yLPwt8O/CSaxfaZ4X0mX4neHPh7N4za1kf/hNm8DWMs1v o+mX9zoUYB0PiP8A4Jqfst+MtU8cXHi/R/HXijw1481Dxrd6l8Ntd+I3im/+GWl2HxW+Jvh/4x/G zwv4f8HS3v8AZ+meEPjl8SPC+jeIfiv4aJuNL8TwxX/h1IbHwrreuaHqQBy3hj/gmh8CdM+JnxO8 Z6xc+IvEth4u+FX7L3wg0zT9S1jxBL4k0rSf2Z/E9p450bxBrfji88Q6hqfi3xZ4y1Xw38K9N8Xa 9c2WmahrPhr4QeB9I1u41t7OW+cA8e/ao/4JM/Bj4m/Dv4daH4B165+H0nw0m8E6Pbf8JNZ+KPiN o2s+GfCg+Plv4S0u/wBNs/iD4A1SO+8O+Lf2lvGHjO31VPETxanPpul6Dr2maroaC2iAP1b8C6Bq vhXwR4O8L694ov8Axvrnhvwr4e0DWfGmq2Om6Zqfi/VdH0iz07UfFGo6bo0FrpGn3+v3lvNqt5Y6 Va22m2lxdyQWMENrHFGoB1VABQAUAFABQAUAFABQAUAFABQAUAeXfGz/AJJJ8RP+xU1b/wBJmoA/ /9kAAFBLAwQUAAYACAAAACEAY8LC5FgBAACYAgAAEQAIAWRvY1Byb3BzL2NvcmUueG1sIKIEASig AAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjJJdT8MgGIXvTfwPDfct7brpJG2XqFm8cMkS ZzTeEXi3EQslwOz276VdW+vHhQk3cA4P57whWxxlGXyAsaJSOUqiGAWgWMWF2uXoebMM5yiwjipO y0pBjk5g0aK4vMiYJqwysDaVBuME2MCTlCVM52jvnCYYW7YHSW3kHcqL28pI6vzW7LCm7J3uAE/i +ApLcJRTR3EDDPVARB2SswGpD6ZsAZxhKEGCchYnUYK/vA6MtH9eaJWRUwp30r5TF3fM5uwsDu6j FYOxruuoTtsYPn+CX1ePT23VUKhmVgxQkXFGmAHqKlOs96IMHg7KZXh02kywpNat/LC3AvjtaWz8 Lfb+tRHKAS8mcTIN4ySMbzbJnMxSv94y3N3rTT5G2/qcBXjge5Bz6155Se/uN0v0g5dek3jieb2r 7eJfHYCyi/1v4mxKkiZhT+wBRRv6+18qPgEAAP//AwBQSwMEFAAGAAgAAAAhANdTnDCQAQAAGwMA ABAACAFkb2NQcm9wcy9hcHAueG1sIKIEASigAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA nJJNb9swDIbvA/YfDN0bOV0xDIGsokg79LBiAZJ2Z02mY6GyJIiskezXj7aRxtl22o0fL14+oqhu D50vesjoYqjEclGKAoKNtQv7Sjzvvl59EQWSCbXxMUAljoDiVn/8oDY5JsjkAAu2CFiJliitpETb Qmdwwe3AnSbmzhCneS9j0zgL99G+dRBIXpflZwkHglBDfZXeDcXkuOrpf03raAc+fNkdEwNrdZeS d9YQv1I/OZsjxoaKJ2NdoIht8XCw4JWcyxRzbsG+ZUdHXSo5T9XWGg9rHqEb4xGUPBfUI5hhfRvj MmrV06oHSzEX6H7xAq9F8dMgDGCV6E12JhADDrIpGWOfkLL+EfMrtgCESrJgKo7hXDuP3Y1ejgIO LoWDwQTCjUvEnSMP+L3ZmEz/IF7OiUeGiXfC2Q5808w53/hknvSH9zp2yYQjN96jby684nPaxXtD cFrnZVFtW5Oh5h849c8F9cibzH4wWbcm7KE+af5uDGfwMt26Xt4syk8l/+uspuT5qvVvAAAA//8D AFBLAQItABQABgAIAAAAIQA7SI5AbAEAAMQEAAATAAAAAAAAAAAAAAAAAAAAAABbQ29udGVudF9U eXBlc10ueG1sUEsBAi0AFAAGAAgAAAAhAH3MVJ4NAQAA3QIAAAsAAAAAAAAAAAAAAAAApQMAAF9y ZWxzLy5yZWxzUEsBAi0AFAAGAAgAAAAhAIyWxW7zAAAAugIAABoAAAAAAAAAAAAAAAAA4wYAAHhs L19yZWxzL3dvcmtib29rLnhtbC5yZWxzUEsBAi0AFAAGAAgAAAAhAAxXAywVAgAAdAMAAA8AAAAA AAAAAAAAAAAAFgkAAHhsL3dvcmtib29rLnhtbFBLAQItABQABgAIAAAAIQAvSHhnAAcAAAUTAAAU AAAAAAAAAAAAAAAAAFgLAAB4bC9zaGFyZWRTdHJpbmdzLnhtbFBLAQItABQABgAIAAAAIQAwD4hr EQcAAN4dAAATAAAAAAAAAAAAAAAAAIoSAAB4bC90aGVtZS90aGVtZTEueG1sUEsBAi0AFAAGAAgA AAAhALNE6lTzAgAAvgkAAA0AAAAAAAAAAAAAAAAAzBkAAHhsL3N0eWxlcy54bWxQSwECLQAUAAYA CAAAACEAhllyJzALAACuPgAAGAAAAAAAAAAAAAAAAADqHAAAeGwvd29ya3NoZWV0cy9zaGVldDEu eG1sUEsBAi0ACgAAAAAAAAAhAEsqoid0bAAAdGwAABcAAAAAAAAAAAAAAAAAUCgAAGRvY1Byb3Bz L3RodW1ibmFpbC5qcGVnUEsBAi0AFAAGAAgAAAAhAGPCwuRYAQAAmAIAABEAAAAAAAAAAAAAAAAA +ZQAAGRvY1Byb3BzL2NvcmUueG1sUEsBAi0AFAAGAAgAAAAhANdTnDCQAQAAGwMAABAAAAAAAAAA AAAAAAAAiJcAAGRvY1Byb3BzL2FwcC54bWxQSwUGAAAAAAsACwDFAgAATpoAAAAA --Apple-Mail=_3D81961F-5B6F-436B-AFF1-AB82E8083C41 Content-Transfer-Encoding: 7bit Content-Type: text/html; charset=us-ascii
--Apple-Mail=_3D81961F-5B6F-436B-AFF1-AB82E8083C41 Content-Disposition: inline; filename=SCIM-Ticket-Plan.pdf Content-Type: application/pdf; x-unix-mode=0644; name="SCIM-Ticket-Plan.pdf" Content-Transfer-Encoding: base64 JVBERi0xLjMKJcTl8uXrp/Og0MTGCjQgMCBvYmoKPDwgL0xlbmd0aCA1IDAgUiAvRmlsdGVyIC9G bGF0ZURlY29kZSA+PgpzdHJlYW0KeAHtXfuT28aR/h1/BWzFNGXaFME3rSSbk7TaPDaR7Vuf4rOd e7gudXUVX5XP/3/V9Ty+rweYBggQoOKUN66KuMRMY6an++vXzPCH8vPyh3K3LY/b5Wm/Wh3L791f u+1quVqtqvJv5f60Xu6tb9jjb+V/l2+L/y2fvfyxKr/7sVwt96vDcbtZy6fDxv9PPm22p1V12pc/ fldu9vvl9lged8v90b1yv1uuj+V2t1ket+X//Vfx1wkHlU5tvzm6qWx3u+XKvah8WyajLlfyn4zu Bxnseuv/8h+qY1kdHTdWh+K778sXD/Jc/tiUD9+VW5mj/Cf/VPtVua7Wu/Lh+/LZw0O1rMqqfPhr +XU5f+/9J794Kn/NP/D/P3tafls+/L64fZBpTsL9ws3jGhPV6a2Pp7bpffi0/GQl051/M/efdvLp qf+0LecfPS2Eie5fx9VyvvjYfZAHnwQulAO4UORSWZfBAVwo3LKdW+4yWW5ZzNpyV8qQorHeHy6f fbR6VoXVruJy95po0VPZeky0oDb2n6gud7VVcW5Obx1X8In7V5Z99j6W/Zn/sCnnFZZ/4z/Ium/D h2KO9V/s8GgIg5poVBCfLpYEzx4nCUWH4ndJwmFTNVSjgOZ/+J6IubBoJbLgdL6XEPwE57herdat c9wfoqjL0v6jTFIlfb0+bBpTI3B/+LRoIttsMVNwOw6Y8E9Gtde77RYTbqo2oXwJ5YS6igB72F7M 8OlUm7woT2qALnQiunCtuMBeR7XV1fZWerVfFw0rPf/0+dPy4X/+EfRTJ+NtskzGcDmWXnIFd3NI FqENQk3YlpWUb8QmY2mx6FEcFLRJ7Ze+i1h6dCFVitDBSYyMgK+Z/coPSt7Dr2gn2OvXrpdYEAyB b1StW4XhFvMh6tcEVXVsYTjElIgb2yWBIzxG4a93pw0fwl7AJ88+/uDm+ORXMlfnOH60eFpcjK3v eK4qoMGLsCf4mwgoXGDKwj95ESjmMwrFC0gbBedlDXy6I5ifDPJW3lMI7GgiL/SIXHArHxCXX8Hh QtvgUxfUQTbMPKrt6eAint3qtDzsJarbb5cribwkatkuq93pdPCinYZwlziNwUuw50eMgWIn/t+N n2oKFZjhLDqJxZxtCDTgBmUCIQabogVFLLxbGcaWGVFyHyMB8cWrGck983gmYEU0JJ1brB5HB0KY Ujlnm0hQYVZAsF3ZewWxfX3ZbT2qCc5QTWHpy0YnT2Bdx3beYw7AJyYqDZ7We4me1/KazAy/vnv+ +ubutzfPE3N8/iUJ4kjYUp1Op4zwp6/r9l1yD6d1uT1tJSEgCrGufErAqcO+AfNDIkUdiLPNbiCp bS5COgDxE1WCHwh40cRJuAx7SDmKSl7MF11xFylBBxZK8ncN2SxUfvmWmcQtHn1ISMWeX5Ek5V+M tPOYxcRTzfmM3X4PVaC2UKPUyENVMX70IZXFbIZ3cNScmdKhu3rsMqC9dKpHYkjXv3L5gaYAxHyQ roWMvJcyxbxTQt7F5y3kJ7SsZ1WvSIbkrFvLkLB6tFDE1wW/euIyRc7XiZIHxMXfbNhm3ajMNeu2 nyRu8KbNTa4JLJLek9xezXumxPMDlOkWmhe0WgGfEvyHP7AT5v2KarJgMzaiL0wVYhvlF18LZWJj 4bHKXzMVWVOKEVz0rq9laFr4OcrQFLmhsWRyPtDQ5Aro9W+zT/Hdqff803s1NB3qkxEMBiMnKALG YJzrxrWNslFoSEVjAvkBShI58eCll0bROIhFlKoiSd9m1PgFrNgZGI7mIIHhGH1yOH+EUihoY4QY etCfYs4+tDxMJy+acME3ChGV8SErEiHcXJKLIdwsHQQwz180f+9PkjdFWmLQ2AMY5yRFnMBdClEK xnG9IBJo2+Qu+7aC8eG03K2bocakYLzZG2BM+YTs9I0z3MQlBGkPCQis4AWb1oRByOyKeS1KcBJ/ YZRQZFGCulYDo4TLorsO8Db5Pz145zI8DXgfJe+bZQHfXKZuHrwNgqJtf3LegYAs5JFiFFWomMPF J7pJoqyRkOMjLbEBfz/7HI2ZraYb3HxXOad65I8aw0itAOGWIq/RAL8iaZ8iTiDXFQDtcmpMz4p6 tCTHqgZPYwSVJ8f6QXxaxdnUPQWfqmq+zhv0kRjcmEEMAWYLenXiPiqznA8WkzVbcWO3rgR/NXdW hmYgqC4tQR7+K79YcLFfAQ3f95GfZIRhOiDwdFo4Y36jJcBbCHHoXWjeWujX2ZOWGWouaiNuD3W9 orugn0qE6aLWlu9quRAneM2lGIpyZq2jOlarjPCnXyjKOYGLuZDtSXZhXC0XIgNJ4TZqcharqhPI GIeyRhSkHEYUKyh0iMXYIvMLSYTCRyiUhLPzAgSsiaDwf2apO1lPjLA73wkNShzWDkhnt2yo/+xM h2gUh6VUNGzmfLIx5wND2Mk+1EQOgo/Ye0a95TN2O8TdHXl3xTf2Uor5V4xj+AhMTGzWQnCoPxb4 TTEXbILoska5MomFv9QaZSFgtEF1RYkGI1MUsnxwuaQjjggYkiV1GrobhwTd4Ejotqh0jk/qAJWu ZwXNRSXowIy9gzgCljOql6aHwGn6WlRJdCHr0RRm2dcrHKpJAEK1JbSSzi3sL5UUhLJ6RWKbwZuB kYjUWKNeDsmtt0ciQTybFbXJIxFDC4ba6FzlXRrpsD2kptF7nZ8+qI3uUNiMoI9EDIKCU+/5NRY5 YNIELn9Ya6m4cvWp02hCXFbdporwGeOEj51dkCoAJe6lf7dYVriS5psU3IdMOeRp7DnXQvMLyfvs jE3+74rK9pCgt1xBQoOu3HhU3rhC2TVjE5lc028VEabIAXneASrXREiA9OeR3bH5PzmmGjI8Dabu ZSd5lt35rWJqEvdUJ9kb0Yh7RpQ7tCLmsVgGYggysjcUaH4gmC7o0BMrf4kYm9/0qtPSF4DWhCgp CU+GF1PrWXypRtOV4AQ0lCMWcdx/hL+hjWCE2J+N2Z2PNBAC3PERxwGQI/6hKdkhTdUkXKv61RFO 2KIxcThhKIIAadyOrWnJBEgZbt65+FNy4vcpnzosc56B8FUIe5pYDS4u1ym1UyF3irZh5XT/Dvu2 ViGg2/XoIc0UFe7AysW7naoae5kfojZD4xL20omnfGN66mrfeEUX1ifSHFjBTpBikkMoQJ8L7/4g OmNsmREl6zESEK/vdvJ1jGS3COncQps5OhDSKbFNMr7gJF4cPSTrdjbH3B491FawrGJiapSlM3Y7 OUFp2oGhli7XLxc97Ncy5uzMkdvP7JVXlLgOcjHbt9rIBqiG1RO9uDRr0rR65qB+DlaPSgEVIEjx CbVE460vnY5KaIZONGdsSzJ81GoE/c5osTtJab9dw2VUdfloza+P8Im6jKApKVMbwbWcyMl05J0a QXOaWG4uLtdpSiMIVb+eEUzZSyPIbAAnRWFmAopWgW3UIay8EZQswuxVYjME1eSrBawdKYGVpIgW sW/hjiD2lPTUP/AHWnv4BzET02FnUibxiJFhZ3rs3Q36ZO2qdeZART2sxTR2Zrc7dtkZsTfK3bNO YpJi9lGSENdRkzlUUCxuXrOhkKAJ4XHBT186U5iAKxwj5KLYUPaIBtikoMIRoixn8sbOfALV1cq+ yjT382bD5dQyWac/jj5EC7UfM74djTBy/B07SZKvhvhnV8o5fW3VeVskRmK3f13zcLXPwRlCMnaH lEFSoqMGz8o50UnW1omIIBDgBW1b+C3olSpGUt/fHI9LOYNxxfq+vTzcTchJQR8o9fRUbuHY/0uM IdiHbSl4/MBHVBrSexW4JukCyjCT0ewGjvLlYPWiyclruCrtAG6z0wDwro3i0YePAF7fg+KPRVSG SA4F8Kwq4I49VtuTdTkBA4XXKXc7YCEj7gHcJr5H2p+igMUlHL0lyBNJKaGEQkoLP4AOZENr9ypa jMJJWbdP8R1vP+NT0KSO5wQ4Dw6NYsuh1QC2hzHX0ClUMmxWSho6Io+8cYClTa+o8CgayDerZecq GYJj5NMLv6qyMSHOvZi/vHhIPkNUmzH9R12OuBuO4KNLjOVH2zoKF3oRQSsKHzbuEpImCmceoK9U 9tpLpMsZDg3UJuddm2JMJcPxQvepGqEeBRK8YN4nq2SU9X2qsUxMICds38IMkDb43Z7f0er1+PxO DyVqh+0a/ylco2Dbyu/Ia5ru8VDYtvM7co9Ok7DID2H7PlU9rWpsdsflzlXoGifbJsrv2IPqk98h ivzZeeV+Y2xIA0KkjNIAxQ6eCtoSoEGMvjLdaUozXW+OgGQJ3XwUcCXZ6sAmJMzeKJGrl49h1o7o Re0iIb5LdzrxK2qe0qTloR2gCcLrFKHBnxknLRTVaFyr1qHQFy2ZKbo1GNJBdbgcQTGSmDHslHI3 TOVZnV6WzC2GyN6LhiUrR1syc8ZYDq59b0s2oNZBjb9amqfGbyIpJgcppF5gL+YtrAduhFhw+lE5 EyvGQ52UbpixV+Qe3iheR1hG1RJG8NQgrbygG8cD5yF9lcrj52J1WgOMzD/onyFSJfGnrasaV5n6 0HoqZ0LG/jomizOGCBzq+M/qU4zsxbpkZ7OtQQ21Zlmc4IOQzb52JDpuJaQ1e9NzBhlxH4TYxL/y YiL5H/KL8tcezhOKibvGikCgowCpy0O7RDLqsubPaKIoiFhhLjmHToJQC0j1TPfkL2ZppNzDeVKR DLht8/HiCKQ9oyMvavo2vTM6ubfkYwmD5LmMTgwvAAfgaODwEATebpZbt5PkaghcWxgiMCUKEKyY N6PzT1HC9NR1v6TaXDPigsISDfLMW+I2UbSJYkTfjgGxDW/YwMxGxBL9I7j2WCLwvxk7j4olLPSt LXMwCROh7yo7sJzGEv+aom8SS6yPy02zVjyiGqhwE1B7ZR3k7BFLUKaI0djqAFWmjOVeO5rUfHSH BGookg1S7E+IhkQSkDkaNmEnTU5RVaGFVBB8wYMmJJyZjmRcGAV6a1tOHYbCnmjMKfFlHHzC01By w6tsOh5Dk4GptSRpHRu/wrBfwpPj7JmDI1s5IQ4xN4p8RNbHV+kJITbBfDAGDopvzFggMvNt0XaL 4/mzaP0ul1XtiMbY1Nka/vZy+qLL1GGM8xf1NsYp8cY5On/rVbXJibssmDBfwrBd+EfYK3/Mmhe1 xPOQG6BQu3UdWKtVTodMXcsYEb5AYGrW1emPpOMonJCm1Lo63eixlyu55Kq2ug3rmuyqJ3hQZG/D YJP7IPIBxTYJHcysv3Udgf4d1tU0BNNb11wUp7Gu6212ojy1rl+k1rUjOrNjG5s4rGT7LRzpOW6i a451EBOKFL6AnZRas5N18fOIoDn+Ug3yR1laTx1riF9Wj8cDjIViTmSOY0kS/WyTdOqFj3mSyV/h ZPO9pqC9yKcI2di4EbJZ9ou23zxdbSSlFZJV8U2F880EUzpP1Su6BQS26cNj4oKlsXFnYGSUyVuh u9osBWK7AqOR0G1Pjt4WBOkRulfbq0C38L8ZyAv0TQ7dxjJPA93VsXY6vZmWehgF3TZxXoP3Zdye RPAMyFXMkV4iWhP2FjPAMtWVjej6alaUzjR66cahFMyH4FiCLh4m7TmOg0lzE5DxoqFeajJ2nzIy SIrw9riiY32S34XIi8cjNEyHFlxSGZqhV924Ft3NhjjJhHbegmvxeNDxgtpSOkfgZ3HJkc3/yXHN kMCAa8/vbp5/rafWOqx+5jX6dHtVZUeLnUsqe318SHI3DtdM4m/pSmSuWDDD6c3Ouknzz7EcTIyD /wbbTWoJZMXsBfoSA9EHNPK+Co4YFLARfUiMisSJGRXbdDN+qGezPxIwHDfVF6+i080+33zjA7l1 UhnD+Ij46A36i28vXc2QaLBlpab3F1oIv+/IJn+uWpsKywvPE913NLRamxaQA/CbAgy+crnJcc1g 4XAh2mIN8Df7tu07Wh/X7veWmi7xlKajejxBrfLaueXBV3Onvh9P5N0w3dObjlyGaTru+92ibZuO lRS/890VNB199/tnxH3O3yaObAYBkh8iMKYbh4mVQH9FKtoQAisxHCjqstit+QxQ5CsI3TAsfBKa JjCNJAZNDpMuwIiMOogG8Eho8bVNa5VvP+eAYDmcc+cmKIkDzJk4BpTCiMZaDns1dT2E+6qJ532Y 9hS18aKxzr9BUjwkcIg4Tt6JDYheB9iKtuAm/mbfVhuwP8gP3l3TBsjkDAyiVkHwammRx/Ah/Ihh jx09cQtCe0bb5v/kNsCQ4UlswOmUnCULdeg0epAoYohaJ7Gt3I1v0+5hAZpqVt/4Qhw0fPT8lotC b/pTiCVgE8JJNAVXpyc1cI2wAPXHOHuDa76hxWVWhE+GCg/H1pjebsVWYz1GQqtB8Ryy+oSz1mqb rMTf55F1t14ernn7tL0qj8AafkI2L4VP7Fzb7J8aVw0BngZW5cduOzzr+xRWdRfOenOQ39UVbyHd 0T9NvOhgZm2d7uUpKTrS+XE95pvh+XIPPtwLqG1WAkzq5s22QM+sPmVcR8oR0F8GNQJ3jAh0hybG RIzHF+iaZeUJOmG/f7LXBY6g7nkBMb6f8Qep8JG3SiFlxFa8+smwSuyIES64OGitpVWZnpro8zGw 3szIu1WGbx8VUTLEWyxWNJB9o4HUu7JKAYbI9rZYKW1rv4pBW2yXvV2lweG4XYXqWt+uMo3Cup9u axli526VR99+Mt/eZv/kJijXpUlM0HFvngVGXeBNChvnA/a6Z2/T7uHZpzn0sOeQWEfYBLLi0JW9 GzEiDbvTMDAzBDqA+4XGC/gq9pYMNLuTYMdQX2RZauKzRBYB6PEKAj7nh3nxTZmBgrWxE1iK9h3L Zkcasm5TRhoqFH5/iy0VPPwNjiSpCLLgznFNypb3PaUyn57L9ocBNPduQw64AGmix4cjmj9D2+Cb qJFl39ZEz3q93OZ14vQQ0bhr6GrMfTwXILuj+p/cmuBcgM3+UbbAOGIsb2nq51BbkGuGXAxxXJkH jGELvki1LglHVofl5moHjGVM4kM2lRU2hIDKD0TobM9MxE/VVkYwAFJqPAHnbEChV/sAtzgA+ODl nLaGEM4XYJSsQag9YRuNgIItxN+MDQBHGALjrnz4HJ3+pERMX5GajhvHiJNjPEQ4MlyDvUgIo8Co ZkoQt4GTynXnSOparmVihs/iWJI5YtpyuRhnyQ/sh1XANPH37xDd4AH4cVkEdrE58KX8oD3ls4eH alnRHFyaM2zeIGLjxblCfssFIs5Tk4r+yxRkBnku3rSbaIGVoNhR0VUwgAFoG5ZTwYJ9W007YLAe 5k1o2v3cmmtJgYaYJX7T45G/lz+GMG8K026yf3LTnpvgSUz7YZOdr3UFnHtr+5ea9uq0lr3ljUyj SPQ0d4fImAzTDviAPDMyYjWGEMxvBDRcDSbdImSEamqHaIeh7SSJVNrSo7iEGnQSqGhs+xZeyF8c FwW78DdbhDkoiCCm45w4EN52YIexMf5gIZ9vyC08+MYmLVddObyVqhU4EFko4IxviHgcJIdNL4LG 8zLjdvFef2/cgvxEQGRRcrhxSw9kWOlF4z2904vZphd/BMOg+K4KYlTpupmaLhspc2sGJy5h+piN lJLNsbx6Qcxm/ygzZRxMNwQ4mqnnN8+TH9focOByzZAIdH8wj6XDTI3aambTVnRU88B4jZUKAh7Q VWOEHggci2dJiNGBrUTbHIj1pbiFk7c6AbSpZ4R/ni4hYZ1ojGrEbtbwu2PV8ryB25pQY+3kYYZQ NxAFfgKXhjwNv4N3zTAjzLeZlMAacCDXCDOqw2FZ5Rsapgsz7LWkXEEBHsOM1TZlundlJggzbPaP wm8jg2ioVMTv1zevBW17/NJ8jgQOvyvr9B/DDMkkDihLOA9VLpxuVGXdrmF5jVFYXjuEE5f2E6eA bkOWw0D5dyO+vPwT//qNAwz58+NfOOSWDw4E5Z/49SE283ZBvvZgKf86m+D/8bRAo5YMGA6bJreG O7BhKaQ0ItyyHFiDXSMdWIPiO3Ng9+twDfm1HFhbhi8GQCfFjyftjmUlJyTlf4eIG6Zqrw+bFggZ BYCGA2sIsAPA+5s7cWDvegGg6cDudubxYTiwLfcqSV10eWz+4vY0IZmgpYzJ8J9YcIXbQkeWYT4d GTRx2OjzLJ+pDzkzf57OtUvPZ+U/TxdflzjFcC3iWzSf0n6nRcRnfw+/+Muhpk5Hl4R0ty7qLbpD 699c8kau8WdjeuuaHM59TPIIeWMtFZAQ58wwAnzMR0jm81UZN/7dn4vUjWtsqWvBwIVjQFUCb8bf sdqjqSm8jkO79WstjMk/fJua8c69ZCNkOBh/2Xae3knp8z62PI/8sYnGJgVbj6kz4FbiBbPodhdz qvcpl877BhYg+mSRPd0hO9AIL9cymfYQKY2Mg6g1LKdRuNhGpNmZTBE8ws+Yn/1J8EVkX73PTrHN HHu3CbLodem7tYz+eteaRDFGHmXX6rrhfzTCWIlo117fPO93CNB07LdH6wwjHfuWrQHVploerrY1 QMZk1A+QhKfDxg9QWmAhoS5+SDbyUlDZhoiqB9UB/QRigCvxnmKOVzLLTnLooyDOTribo5h/6SBF riNUI6PNQZrTJOmhp1yGbQnoYFGT0Tpszk13DcQ6hLKVbfI3aAKMPKfhJP5yyZRH3NuQs6RsOfhD V2IMZPh7/tyWtc77mdotXZBwVjjiL1JeaulyxXbH8W3N7rZ03gss54ml8zGOC7T9h/9Ikfa86Uts ryvi23rd4xYWws217JzNK2oe5D7xCjpL8CNCwwb2qFcIOOCLqQ7oQkuLpoAg/xuvbkyCNNQvaiPp 3MIxpH6CkF51GNskxhe8kRLoZRrlc2urMzdnngsubdEaZYSN4DK8hWrr7pBSI/xweXC5FRwxjgvd R4fz6yZrww+8VtV+uW8W8Uc45qqtLhUnY5o6uIQ4QWTwL2USX9DS4Qv0jLJa6M479qVTSXlGJ1JD jJgoSrAG7MumarUychgTbDdegz1wpEE1Igk+UgvGV2NwsVfyI8zUVBJkJ+w7IGFjdwSdFh1oCIxp YclDTA3AQbJgRzIqDoazm208gEhOzDgG1nz5J807YPtv5+1xbDtP4bhqlq1mw9OykXprWtZ4z8i0 rEHxnaVlgTJXs70m0Pw9bG9NEsRc/iwuQLNxfnLLmVu4aDnvb57fX245N3vz/gKh6P1V2bGgTkmH v5rhhbOANu3zB2aLOZGVIAkfrXMXGOGWgMybSPgIEA08JfoyKZN05u6ymN1FJ1Jj/MRO1DsN5GJQ wEllP9lAcgwuvvKWQNzNz+FT8pv38Ei+cWtT3D6ULmdzLphS78TnCq3FkbuDyAXhfK+Vt2Mnod7l /GARkniAPLjLsoS97vK10ks+S1ibKNNLg7KEq2q5y3cWTOMpunOqNrcoSQa3GMRQQSCaj1dYBk2o +hfWbPZPjeA1OQybMongryVC6bGzIENZd4Gl3LBqxT5vohqJOqke6wbm43659UXHq1yVIGMy1P8/ 45B0Zxl//BYbhYkCLzzKSaEsA0v41gvNeSWNHdYKbEJlSC8iq5Z1iMbUIAYF+TdZmLCOFTXS1zlR EfmMtoHv5CN0K+Y0i8mv7eKpnq9MIq8Qg5AbJPmVzzUJD5hSzffL0ehxqhwjuSBtrv9LHrJaIoVW LcsWayvDx58bOW8DWyOO8LbavrXeEUduAV2uzlYBCAe5zAXVmipcHbQNS6ySy761PTZOteO9CtTt esSR1m4uPjzl71yurY2aVLgqUL7EunfaK6ezfiNITPtROsEJSimkneTQguKLd6PkzZYZUXK+zmep JfBXupjtS8J20rnFdDk6EMqyfaTjgClkTC7O9vHWkfKHs/lzyyfyJbfaAnpb5H5weZTFM0puhgpE i/fm5k52vMHiff7/VLpKBAplbmRzdHJlYW0KZW5kb2JqCjUgMCBvYmoKNzQwNQplbmRvYmoKMiAw IG9iago8PCAvVHlwZSAvUGFnZSAvUGFyZW50IDMgMCBSIC9SZXNvdXJjZXMgNiAwIFIgL0NvbnRl bnRzIDQgMCBSIC9NZWRpYUJveCBbMCAwIDc5MiA2MTJdCj4+CmVuZG9iago2IDAgb2JqCjw8IC9Q cm9jU2V0IFsgL1BERiAvVGV4dCBdIC9Db2xvclNwYWNlIDw8IC9DczEgNyAwIFIgPj4gL0ZvbnQg PDwgL1RUMS4xIDkgMCBSCj4+ID4+CmVuZG9iagoxMCAwIG9iago8PCAvTGVuZ3RoIDExIDAgUiAv TiAzIC9BbHRlcm5hdGUgL0RldmljZVJHQiAvRmlsdGVyIC9GbGF0ZURlY29kZSA+PgpzdHJlYW0K eAGdlndUU9kWh8+9N73QEiIgJfQaegkg0jtIFQRRiUmAUAKGhCZ2RAVGFBEpVmRUwAFHhyJjRRQL g4Ji1wnyEFDGwVFEReXdjGsJ7601896a/cdZ39nnt9fZZ+9917oAUPyCBMJ0WAGANKFYFO7rwVwS E8vE9wIYEAEOWAHA4WZmBEf4RALU/L09mZmoSMaz9u4ugGS72yy/UCZz1v9/kSI3QyQGAApF1TY8 fiYX5QKUU7PFGTL/BMr0lSkyhjEyFqEJoqwi48SvbPan5iu7yZiXJuShGlnOGbw0noy7UN6aJeGj jAShXJgl4GejfAdlvVRJmgDl9yjT0/icTAAwFJlfzOcmoWyJMkUUGe6J8gIACJTEObxyDov5OWie AHimZ+SKBIlJYqYR15hp5ejIZvrxs1P5YjErlMNN4Yh4TM/0tAyOMBeAr2+WRQElWW2ZaJHtrRzt 7VnW5mj5v9nfHn5T/T3IevtV8Sbsz55BjJ5Z32zsrC+9FgD2JFqbHbO+lVUAtG0GQOXhrE/vIADy BQC03pzzHoZsXpLE4gwnC4vs7GxzAZ9rLivoN/ufgm/Kv4Y595nL7vtWO6YXP4EjSRUzZUXlpqem S0TMzAwOl89k/fcQ/+PAOWnNycMsnJ/AF/GF6FVR6JQJhIlou4U8gViQLmQKhH/V4X8YNicHGX6d axRodV8AfYU5ULhJB8hvPQBDIwMkbj96An3rWxAxCsi+vGitka9zjzJ6/uf6Hwtcim7hTEEiU+b2 DI9kciWiLBmj34RswQISkAd0oAo0gS4wAixgDRyAM3AD3iAAhIBIEAOWAy5IAmlABLJBPtgACkEx 2AF2g2pwANSBetAEToI2cAZcBFfADXALDIBHQAqGwUswAd6BaQiC8BAVokGqkBakD5lC1hAbWgh5 Q0FQOBQDxUOJkBCSQPnQJqgYKoOqoUNQPfQjdBq6CF2D+qAH0CA0Bv0BfYQRmALTYQ3YALaA2bA7 HAhHwsvgRHgVnAcXwNvhSrgWPg63whfhG/AALIVfwpMIQMgIA9FGWAgb8URCkFgkAREha5EipAKp RZqQDqQbuY1IkXHkAwaHoWGYGBbGGeOHWYzhYlZh1mJKMNWYY5hWTBfmNmYQM4H5gqVi1bGmWCes P3YJNhGbjS3EVmCPYFuwl7ED2GHsOxwOx8AZ4hxwfrgYXDJuNa4Etw/XjLuA68MN4SbxeLwq3hTv gg/Bc/BifCG+Cn8cfx7fjx/GvyeQCVoEa4IPIZYgJGwkVBAaCOcI/YQRwjRRgahPdCKGEHnEXGIp sY7YQbxJHCZOkxRJhiQXUiQpmbSBVElqIl0mPSa9IZPJOmRHchhZQF5PriSfIF8lD5I/UJQoJhRP ShxFQtlOOUq5QHlAeUOlUg2obtRYqpi6nVpPvUR9Sn0vR5Mzl/OX48mtk6uRa5Xrl3slT5TXl3eX Xy6fJ18hf0r+pvy4AlHBQMFTgaOwVqFG4bTCPYVJRZqilWKIYppiiWKD4jXFUSW8koGStxJPqUDp sNIlpSEaQtOledK4tE20Otpl2jAdRzek+9OT6cX0H+i99AllJWVb5SjlHOUa5bPKUgbCMGD4M1IZ pYyTjLuMj/M05rnP48/bNq9pXv+8KZX5Km4qfJUilWaVAZWPqkxVb9UU1Z2qbapP1DBqJmphatlq +9Uuq43Pp893ns+dXzT/5PyH6rC6iXq4+mr1w+o96pMamhq+GhkaVRqXNMY1GZpumsma5ZrnNMe0 aFoLtQRa5VrntV4wlZnuzFRmJbOLOaGtru2nLdE+pN2rPa1jqLNYZ6NOs84TXZIuWzdBt1y3U3dC T0svWC9fr1HvoT5Rn62fpL9Hv1t/ysDQINpgi0GbwaihiqG/YZ5ho+FjI6qRq9Eqo1qjO8Y4Y7Zx ivE+41smsImdSZJJjclNU9jU3lRgus+0zwxr5mgmNKs1u8eisNxZWaxG1qA5wzzIfKN5m/krCz2L WIudFt0WXyztLFMt6ywfWSlZBVhttOqw+sPaxJprXWN9x4Zq42Ozzqbd5rWtqS3fdr/tfTuaXbDd FrtOu8/2DvYi+yb7MQc9h3iHvQ732HR2KLuEfdUR6+jhuM7xjOMHJ3snsdNJp9+dWc4pzg3OowsM F/AX1C0YctFx4bgccpEuZC6MX3hwodRV25XjWuv6zE3Xjed2xG3E3dg92f24+ysPSw+RR4vHlKeT 5xrPC16Il69XkVevt5L3Yu9q76c+Oj6JPo0+E752vqt9L/hh/QL9dvrd89fw5/rX+08EOASsCegK pARGBFYHPgsyCRIFdQTDwQHBu4IfL9JfJFzUFgJC/EN2hTwJNQxdFfpzGC4sNKwm7Hm4VXh+eHcE LWJFREPEu0iPyNLIR4uNFksWd0bJR8VF1UdNRXtFl0VLl1gsWbPkRoxajCCmPRYfGxV7JHZyqffS 3UuH4+ziCuPuLjNclrPs2nK15anLz66QX8FZcSoeGx8d3xD/iRPCqeVMrvRfuXflBNeTu4f7kufG K+eN8V34ZfyRBJeEsoTRRJfEXYljSa5JFUnjAk9BteB1sl/ygeSplJCUoykzqdGpzWmEtPi000Il YYqwK10zPSe9L8M0ozBDuspp1e5VE6JA0ZFMKHNZZruYjv5M9UiMJJslg1kLs2qy3mdHZZ/KUcwR 5vTkmuRuyx3J88n7fjVmNXd1Z752/ob8wTXuaw6thdauXNu5Tnddwbrh9b7rj20gbUjZ8MtGy41l G99uit7UUaBRsL5gaLPv5sZCuUJR4b0tzlsObMVsFWzt3WazrWrblyJe0fViy+KK4k8l3JLr31l9 V/ndzPaE7b2l9qX7d+B2CHfc3em681iZYlle2dCu4F2t5czyovK3u1fsvlZhW3FgD2mPZI+0Mqiy vUqvakfVp+qk6oEaj5rmvep7t+2d2sfb17/fbX/TAY0DxQc+HhQcvH/I91BrrUFtxWHc4azDz+ui 6rq/Z39ff0TtSPGRz0eFR6XHwo911TvU1zeoN5Q2wo2SxrHjccdv/eD1Q3sTq+lQM6O5+AQ4ITnx 4sf4H++eDDzZeYp9qukn/Z/2ttBailqh1tzWibakNml7THvf6YDTnR3OHS0/m/989Iz2mZqzymdL z5HOFZybOZ93fvJCxoXxi4kXhzpXdD66tOTSna6wrt7LgZevXvG5cqnbvfv8VZerZ645XTt9nX29 7Yb9jdYeu56WX+x+aem172296XCz/ZbjrY6+BX3n+l37L972un3ljv+dGwOLBvruLr57/17cPel9 3v3RB6kPXj/Mejj9aP1j7OOiJwpPKp6qP6391fjXZqm99Oyg12DPs4hnj4a4Qy//lfmvT8MFz6nP K0a0RupHrUfPjPmM3Xqx9MXwy4yX0+OFvyn+tveV0auffnf7vWdiycTwa9HrmT9K3qi+OfrW9m3n ZOjk03dp76anit6rvj/2gf2h+2P0x5Hp7E/4T5WfjT93fAn88ngmbWbm3/eE8/sKZW5kc3RyZWFt CmVuZG9iagoxMSAwIG9iagoyNjEyCmVuZG9iago3IDAgb2JqClsgL0lDQ0Jhc2VkIDEwIDAgUiBd CmVuZG9iagoxMyAwIG9iago8PCAvTGVuZ3RoIDE0IDAgUiAvRmlsdGVyIC9GbGF0ZURlY29kZSA+ PgpzdHJlYW0KeAHtXG2P3LYR/s5fodT1Rpd11iut9i2X5IDY50tjo67TS53GTj/UbVAUSYHU/x/o 8OV5SIkjnbQvTpC6KeC9XWpIDmeeZ2ZI6ufiRfFzsW6KerNZNMtlVfxk/1o3y8XS/vVjsdnXi432 DZ/4sfhX8dL8p3j46G1VvHlbLBeb5XbXrGr5tF25/8mnVbNfVvtN8fZNsbJ97aTL7aKqpZPNelHL n9t60RT//af54YRjSme2We3sTOrtarGRfoqXRTLmYin/ydh+lqHWjfvLfah2RbWzulhuzZufii9u i0bmJf/JP9VmWdRVvS5ufyoe3t5Wi6qoitsfildF+cnzCyuoKC8viu+L26+K61uZVUfX5kBdy7j7 5mUOmFfRnVe927t5mXxetZ1WU5T7i+Lj9ocP3TdVUb5Em7/Ztuui9H+bki0Wrqko56H7sCrKCuJ2 kPI790GeZk/3Q9cPLozreT5jmwE57JSSIeeelVeZckgMn56xC36Faf4ljOvlheld6eleZZxXDaz0 aSy4CkutmPB8iUURPXdnZuj9vyobdqi1Km7fpF7aBDftmnP5wR+bi+L236pv3rVisj4BGamJQ1fM DGBO5pvVdlX1gc794Bn0ps+wgnN+5a2+KOEFH1nrFVfE32w465pzs98ulkIEdbPY7SxqN4vlbrkU GGwW1Xq/3/ZbpDhsD6Zm86utxB5QDVBgygfB5eZrN0EZ/uwKnwgKmNGMjdiGWHDPakwwiw9BHWza 8gKBPEGkxxEMiAqfuu7XpqToa+iesvMBsQ3lYGafd7XfB/j9SrfrOkhkzlmatrPUwo596q9kAqKr bYIGI0xXdCbkWXe62Sy73RhHneWTm8tnVzfP5f/RNSf5h3X25abuOnvKyU+SGQwRvjdOEwnfEaMI V9ByHKcZb0EKp8lqCa2SXGCH898HU6cVBQc15ef2F+FOPkPTg6HBmL4JLbvfhyejP9EM+WHWL30O 8YCUzy7s9GQW6IcDohDKJbf0s68p5+JVkXgmWYHjtdZKefsSM2h59IHiHaXoViaUIloQSIJ6EpCi Hm7sikibZ5ygsbFhr8cGmNQ81hOCPtW999i1/0fWSdx3xi5DQApcX+4X242G66eJKR2u6yqjMZCv aO0BV4vyGnDKNq8vYG+Rsx7TwKh9WCclwTop0bcwMRoV54t20YnZizFZxAhY1JbSg6++lAr4jjCY AfBVloLge/nd4eBb7ff7IfCNJh/sb7de7Oui2TeSnIn51dXahhk2qLBZmpmapeURhYS4PYMaB9rW n9uJiE9AYGL0asI6fqE10sL5IVi4ialPP57T5CkPHcSwh+AbQz0OhwOko1DQTM+iApDzQYZQfBAj YBP4GVt4CjMlp5x54CPn04JJFALaE98O+SUfEqII7MnYDLxmecKvUXwOXp4rYT6bIYUkzPwB3UUB M0gQFhuHBkfgpPdTiYBaiYslsR7Lvffwwf2r3T1rGaK/+x/N00EOEElew7BUZjtRYpphKrOrIX3f ZFTmyhwHU1nPhKdQGbGklaJsjlifJAR0GY+OcbQ1OEdC/TRa2hzsS/ITq0qJBtiGgROcig/BQdgU LYLbxVgO4tkyE0pYQVMIn9sMx45Joku6M32Mcq7hNBwdBMWUK7RJyBW6Ebgb51adDMfY4ttdpbqB eMmRbDB406naHUWypuW8tc1wNL8KJPvd1Y2UBlF8mOSxzmFXG8VhWXV8nip3inCb4VR7VTjqXbRy fgjwbcq/Byx4XQKQN+6DwASKgYR6mhEsODFHz680Rzblw6P5SDE8GCmFUbwyEp+W+ZFIQsJnYMUQ Rhn0l8gkaAvxKNPIM9EDBhYpGPMQR6w2Ssh1ao5QreKcHBFR1yU51i6VaWIJGNzQkGIoFFXfXtDs 2b7sqNnuF2u3V5FWvVrbCMZufYzHpjg5V/JqOx2TVfoYjGgspYQk9ArcQgOFKgjacDMSBVrQlNE3 DJctM6FUPRQL4Y5S7JgipZjyKEpJqAnh3KGUMmrZQuTUm7e1F5AbQQqljMgOva9rRbN2N62i2aur J1LZGkEpWYpkN7Kq3XaleBcpRVLCCWjVKZpZ4QpfvUAEQRQByWBT5UNnv8IfNCSmE/xASyYCtAxh AFnDmg4gqz7uHFmTrZ+B/tKwRNul0NagvUtxt/CIKx409WWFf1Jl9NxTgqbE325PuR2HpwHdkaDZ Wh6CJi0Ds2QuByS7huGJpThMog35R2RX8OnjzChhnDG8eUlBbPzX1E+keGTeZeW+x89ODkKK3kNc ++rq2c0xIFQth0Do645yi1A8avZyguBsxaOdOigWj0hjrIjTmhinfmztzBX4Q9oM04RF4t+MdAdC ziCK5s5n6dUkaHTHLygW/m7iTnv8jVPjB/Yh20AuaWVjdsrckd8wYHjzgXM8CQL4ISK9DQ9sMSOo ymskJrTsGapiz1nAwqgJsmTa35ueUxijKrpDtda8puIKN2I1CuVN331IAw+dNPKORpNGKryzFRjo Ixcueyh6NSYhQVs1DxsLDZyznwXcqaERoXOmaR8665rGzhlsgCYcPpgSTnndZQNYGP346VM+DXGP 6UpzVibZKHdJiqJTzNhtx36NDXZirHXIBsQIc+0PZHV1np5DUsvqBLJHcci22Q5xyKtUuXfGU91A VoQrXo3IwJaWPdBzvdPSsgVsIQGGI0QwtqZ1ZBD2yBmp4GNo2945iOZy54zSozEOqHR9TQcqH90m CqtcbVnXGOMlKCxJbINazKG15W4IrE8QjkyVnyUEXtl9rO6u6inrBi315iEwJ0UTI0gRf9gm1qwq l3dZWz1iS5Up+i+NaC0dnS81b3XTQrQvry7HVXv11Hyza4YQ7fYoRBPhCqKxcEsqg7/QYeOOHEMz +hLJkRCHeJF2OKPZ0d8ldxKElOiQYEeopOQMGPkFu5L8zCKt7NmCWdkVJsFyAh/qhXBTphBuB5hC uI0seb73TuxNwdFhr6786dibRUYee3Xxw9gbsoqbEN8/mzRBIT857aVGkroR65FkotM0kqz2cjQg A9MT7uv1jBHxIU2feV3cgKddw8SO29drmYA1ZjN07rCYcu7QxMM0dFzMrFU5uzPyTA/9jwjf0/JX x0T8rpyufiXyHIpvQy+iM3vuUNuVU7wiVC9G43Tub7aEuqllC7//LsCXI10pE+525XThsDbAK/Hs 9WtntbVhQp1D6CSU/h5bCeyCXkDbZ2xB3IZh8SGPvAZhbGK5HA3FccQtsxxA2UxzlUdZdV1aLjYK xHPxLsLVV+YXQtm6UkKFSSi7XMmBrLOirD7G9yjri+Xda0onR1lV/adH2dzpIspKyDpioyr3N4uy 6/VOQ1nZoHIFSQlcojNbCvM14tVut5DrCu0DhqcJHeyZCRmU4ndfOJuWQJSQNgIhd9jzArYzWCUe xlPTiHAJngTaEBcnJyAgL29LwQwI4sHveLruU4TVbJWxDimBTTICCE0SBujXCdXGAWLDhtPMq838 CbrhWKBI5jTs2avGxMSDQvK2MUvG3KKK+Niv8ZRhUhdxtKjb7HRa7Cn86H46TItuD+Dgwk9/8qFP dQotEj/aZezTIIg7VNgzxve0+G5oUVf/yWlR8QpPi5c3Vzfjzm/otNjs1YvIoMXWReQpIbRLPnTh pDciLBARUX5ERkL5U9AQsZJ8hF+4kQoE5+l2SuknBFZrsL3T7ceMKAulMcQUZfl8Q9fWdGDNF9rl G7r4YWA9rqqTMIe9f1rJCJRoB8vHtWHZDZvMsSKHtjAU/M1n+07irez1/ez+6Skr6i31sqLOMiNM PNmw4P42zRPTiSehDzmJ17IYX9Hk5dMkrmMUQ0e6BmkMDIhtGEFhZq1s+84iUPstCnI8e/gtCncW gXT1H4XD7XsV/mi2YsIBhy+vbo65/yQvvlB84xPgsEC8mp6sd4u13Sg6z/0nfVDxIBMBHCEyDJjg iR+CRSXbj3wW9sNnWAV65OxRNi9nMXgGNSQvhohwH8rsETcQ92NcNPU/27RPMqzQqRzSZg7C7rOB 9R/k/saKkx0I7umjwyzV4bTZX5w3gc8/nUzxJmSpYgbt4zOcEBMO9AytSIuzH2LxVVP1IpJ9oUte 3DzyKGRCLJ7a0k6IvcPU5nKG6ReRcnL11JaOgHuFWAvSE1dYTDRs62Od0BYeg7/5bC+1AQPOlmLo MHAwtdmJv7+3lLw8aeBy8GnuLXknPPu9JcXXSY5PZBvj4NrdaqNdNCQ5Pushx2a1aLqXg0+Tedva nQxKYexIjr2ITMCnB+GKBDmBARi9H3BAwKeUby0nCEmGk6VJhMeH+VDk0S7MgOwgLYjXt7HZd5TH LvoGKoejiX5oQzmgSbIjhkMVsem34eUrwE2GsdQZpHP6s86kJKAIQ1HOicYpIXjgsDkGDjM2lspn SJYgO55J5XNUUq9tXHtTNtqLv8515FT3rlYWEWPPSWmtI2dd/DA5H5d39hf0dJ+dVNADqJyNbXvG iNwMnpEErIOJ5BFs2zIBm0j+P5wm0NV/VCKpnSZQvOJEXLlU7/gikXzew5X1brGy27dpInlCrlxq dzBxeIoQTnwkwBI6SQQTuJIP90JyLOqxR/gXWIRCuj90B2vKyAZoC5LKhIHwyC1oEUgryf0gCy0Y JOCLbgPynu892TLjL6A2Ts5tPEkcIYfUyKMsiWJeQuHoUyYfOWFisUfO/Lx9M+I6Y5LluY2nlWrZ AlIW4vzA45gGeCrUkhLxnqec+G6QPMxTg0nkne+vG+Cp9lSNfz3oJJ6CQ5+Pp1Sfpp/CKt/zlK8y n/o8hniDkn6cnqfalmhfVHsanqob7W4vczrhq1HOnNVj3MaTLvzue2Sm/AoIR0MmHsKi0QLgnhx6 IMDuAUpE2IzsKHdOJmHjmEUK9gZ4Y87ADxlntUpEAwiYKc1vQOlaa0WBh62JP1asix8G2OMSgQTi XZVORqD4DNaTi0dSjoVkrDXa+vRZOSXZWgJLjOE+26paLeTeWecFqKfcgGqpl0VQGgsnRbtj2HWN 3IJtwPj2HcvB/H4TVzpaOmKZVgHNEeGJL3qrb1todZNe6bh8cnUpNfwRhbA8SLGH2KqdetEZwf3X KWjGQ2z1Xt5Ffr6Lzvqg/sSXkMJniG6oPUX3miMgRXQPrOUzowLU/JKcEuDTzQm79Ah+wziXjWN9 B6E7n4rZBUdLZI6/QQt+Zkl8/4+wp4MpoyHjfErVdRD8M7osBz81SDd8F//4Y/neC9StH90u8q2f A4nek4p0ouwvnZNU+qN2fcJTonZ66tmi9p4xggFghO8gagelBl+JpVg4AMtadEs8Qp5CUyLKb/8d dN7gu2mqQmHH3XZR/MrG/fKKbTnokOzlvPgffQoDsgplbmRzdHJlYW0KZW5kb2JqCjE0IDAgb2Jq CjQwMTIKZW5kb2JqCjEyIDAgb2JqCjw8IC9UeXBlIC9QYWdlIC9QYXJlbnQgMyAwIFIgL1Jlc291 cmNlcyAxNSAwIFIgL0NvbnRlbnRzIDEzIDAgUiAvTWVkaWFCb3gKWzAgMCA3OTIgNjEyXSA+Pgpl bmRvYmoKMTUgMCBvYmoKPDwgL1Byb2NTZXQgWyAvUERGIC9UZXh0IF0gL0NvbG9yU3BhY2UgPDwg L0NzMSA3IDAgUiA+PiAvRm9udCA8PCAvVFQxLjEgOSAwIFIKPj4gPj4KZW5kb2JqCjMgMCBvYmoK PDwgL1R5cGUgL1BhZ2VzIC9NZWRpYUJveCBbMCAwIDc5MiA2MTJdIC9Db3VudCAyIC9LaWRzIFsg MiAwIFIgMTIgMCBSIF0gPj4KZW5kb2JqCjE2IDAgb2JqCjw8IC9UeXBlIC9DYXRhbG9nIC9QYWdl cyAzIDAgUiA+PgplbmRvYmoKOSAwIG9iago8PCAvVHlwZSAvRm9udCAvU3VidHlwZSAvVHJ1ZVR5 cGUgL0Jhc2VGb250IC9ET0FZQ1QrQ2FsaWJyaSAvRm9udERlc2NyaXB0b3IKMTcgMCBSIC9Ub1Vu aWNvZGUgMTggMCBSIC9GaXJzdENoYXIgMzMgL0xhc3RDaGFyIDEwMCAvV2lkdGhzIFsgNDg3IDIy OSA0MjMKNDU1IDQ5OCAzMzUgMjI2IDQ1OSA1MjUgNzk5IDQ3OSAzNDkgNDUzIDUzMyA1MjcgNTI1 IDUyNSA1NzkgMzg2IDYxNSAzMDUgNjYyCjcxNSAzOTEgNTI1IDQ5OCA1MDcgMjI5IDUyNSA0NzEg MzA2IDg5MCAyMjEgNDU5IDQzMyA4OTQgMjUyIDUwNyA1MDcgNTA3IDUyNQo1NDMgMzk1IDUwNyA1 MjUgNTQ0IDUwNyA4NTUgNDIwIDUwNyAyNTAgNTA3IDQ1MiA1MTcgMjUyIDQwMSA0ODggNTA3IDUw NyAzMDMKMzAzIDY0NiAyNjggNjMxIDQ2MyAzMTkgNjIzIDUwNyBdID4+CmVuZG9iagoxOCAwIG9i ago8PCAvTGVuZ3RoIDE5IDAgUiAvRmlsdGVyIC9GbGF0ZURlY29kZSA+PgpzdHJlYW0KeAFdlMuO m0AQRfd8RS8ni5Hb0G2PJYQUTTSSF3koTj4AQ+NBijHCeOG/z7llZ5LM4iBdqqq7btH04nn7aTv0 s1t8m07NLs2u64d2SufTZWqS26dDP2TL3LV9M9+VvWuO9ZgtKN5dz3M6bofu5Moyc27xnZLzPF3d w8f2tE8f9O7r1KapHw7u4efzzt7sLuP4Kx3TMDufVZVrU8dyn+vxS31MbmGlj9uWeD9fH6n6m/Hj OiZHR1Qsby01pzadx7pJUz0cUlZ6X5UvL1WWhvZd6F6w75rXesrKfF2R7DeOR8sj9zxqb5X3nHcV RaeKXMl163K//C85+ltD++7eSb6sSuF9DBX75UjwfrWRLJCALCQDEpB7yYgEZJRcIcH7tS31hARW ttoNEohaco0EalvV7pGAXEo2SCA5l2yRgLSuEhK8D7YyjgsGSm1HcoEbgUySuBEka+UCN4IRWTJu CnMU1HOBG0HtShI3glpL5mMU9kHWa0UxJ+hKbRSYE9TaUpgrzCADJIo54T29ITEnSG4kMSeQT5KY E0htFDAnmKRJzOEFyekgijlBk+qZkRh0paWwZRDlIJQBc4JaDYcKg64054A5gbRkzAUziC+imBN0 ZcmYC2YwmsRcMIPrWsmYEywl+wFzgq5kP2BO0JXV8gWZsJI1uohXQVRnI+JVIDUrdjNIll8Ol4Ej i+KXk6ylZD/iVbAvyfxufw7+Mrz7ESKjEAxZ3pm0wabyHhmDYBc1HBmDIKrDHBmDYFOTjCHevrU+ UGQM0bzzOyDxLajVJ4j4FtRqbit8C6Kq5W8wiOoEMniDqCXjnR9TyVqZc2fQJGP8x6yuGV2Hb9dX c5kmbi67M+1S02XVD+ntWh1PoxYwfgONemDCCmVuZHN0cmVhbQplbmRvYmoKMTkgMCBvYmoKNjYw CmVuZG9iagoxNyAwIG9iago8PCAvVHlwZSAvRm9udERlc2NyaXB0b3IgL0ZvbnROYW1lIC9ET0FZ Q1QrQ2FsaWJyaSAvRmxhZ3MgNCAvRm9udEJCb3ggWy01MDMgLTMwNyAxMjQwIDk2NF0KL0l0YWxp Y0FuZ2xlIDAgL0FzY2VudCA5NTIgL0Rlc2NlbnQgLTI2OSAvQ2FwSGVpZ2h0IDYzMiAvU3RlbVYg MCAvWEhlaWdodAo0NjQgL0F2Z1dpZHRoIDUyMSAvTWF4V2lkdGggMTMyOCAvRm9udEZpbGUyIDIw IDAgUiA+PgplbmRvYmoKMjAgMCBvYmoKPDwgL0xlbmd0aCAyMSAwIFIgL0xlbmd0aDEgMzMxMTYg L0ZpbHRlciAvRmxhdGVEZWNvZGUgPj4Kc3RyZWFtCngB1b15fJTV3TZ+ztyz7/tMZpKZSSaZLJN9 XyAZskESAiQQSIBAwg6y7wIiiitq3W3dl1pcsBoCSJC2YktrN9Raq920+nTR2mK1u0uS33XOmROC bZ/3/Xx+//QNXnNd59zL3Od79u8597h9646VxEQOEIUUL98wuJnwv/IzoIeW79we4UGStYYQTeqq zas3iHDeVYQYAqvXX7pKhCv+SkhH65qVgytEmHwGrlyDCBGm5eDMNRu27xbhsocIoZH1m5Ynj1cM IP62DYO7k99PfolwZOPghpVg/F0xBR+RzVtXJo/TXtzOvrFw9/ptu0kzeXt2MyG3NJPErGZy4GZg JmDFV+CqGTRC7ORbREdU4CKCOzpuoVcSNY6y45oHRm76xw8cS21T/kZS9Igg5PQf9v2Q8YvXPn7D p5+M3mD4o+5ZBA24g/jDdboHRn9OiPGhTz/55CHDH/mdkgc5zRg2KJER1VXHDX7aDnFQiiuluEKK A1JcLsV+KS6TYp8Ue6XYI8WlUuyWYpcUO6XYIcV2KbZJsUWKzVJskmKjFBukWC/FJVKsk2KtFGuk WC3FKilWSrFCiuVSLJNiUIoBKZZKsUSKfikWS7FIioVS9EnRK8UCKeZL0SPFPCnmStEtRZcUc6SY LcUsKTqlmClFhxTtUrRJMUOK6VK0StEiRbMUTVI0SjFNioQUDVLUSzFViilS1ElRK0WNFNVSVElR KUWFFOVSlElRKkWJFMVSFElRKEWBFPlSxKXIkyJXihwpsqWISZElRaYUUSkypEiXIiJFWIqQFGlS pEoRlCIgRYoUfil8Unil8EjhlsIlhVMKhxR2KWxSWKWwSGGWwiSFUQqDFHopdFJopdBIoZZCkUIl BZWCJAUdl2JMilEpPpPiUyk+keJjKf4pxT+k+LsUf5Pir1L8RYo/S/GRFB9K8ScpPpDivBR/lOIP Urwvxe+leE+Kd6X4nRS/leI3Uvxaiv+R4h0p3pbiV1K8JcWbUvxSil9I8XMpfibFT6V4Q4rXpfiJ FK9J8WMpXpXiR1K8IsXLUrwkxTkpfijFD6T4vhTfk+K7UrwoxXek+LYUZ6X4lhTflOIFKc5I8bwU 35Di61J8TYrTUjwnxSkpRqQ4KcWzUpyQ4rgUx6QYluKoFENSPCPF01J8VYqnpDgixZNSPCHF41I8 JsVhKb4ixaNSfFmKR6R4WIqHpHhQigekuF+K+6S4V4p7pLhbii9J8UUp7pLiTinukOJ2KW6T4lYp bpHiZim+IMVNUtwoxQ1SHJLieimuk+JaKa6R4moprpLioBRXSnGFFAekuFyK/VJcJsU+KfZKsUeK S6XYLcUuKXZKsUOK7VJsk2KrFFuk2CzFJik2SrFBivVSXCLFOinWSrFGitVSrJJipRQrpFguxTIp BqUYkGKpFEuk6JdisRSLpFgoRZ8UvVIskGK+FD1SzJNirhTdUsyRYrYUs6SYKUWHFO1StEkxQ4rp UrRK0SJFsxRNx9hoGaPm4VB9GGPm4ZAHdKUIXTEcqkXogAhdLmj/cMiMyMtEaJ+gvYL2CLp0OG0a Ttk9nNYE2iVop6Ad4th2EdomaKuI3DKc1ogLNgvaJGijOGWDoPWCLhlObcGZ6wStFbRG0GpBq4ZT m3HKShFaIWi5oGWCBgUNCFoqaIm4rl+EFgtaJGihoD5BvYIWCJovqEfQPEFzBXUL6hI0R9BsQbME dQqaKahDUPtwsA1paBM0YzjYjtB0Qa3DwQ6EWoaDM0HNgpoENYpj08R1CUEN4rp6QVMFTRFn1gmq FZfXCKoWVCWoUlCFuFm5oDJxl1JBJYKKxc2KBBWK6woE5QuKC8oTlCsoR1C2uHVMUJa4Z6agqKAM cet0QRFxXVhQSFCaoFRBQUGB4cAsGCtFkH84MBshnyCviPQIcotIlyCnIIc4ZhdkE5FWQRZBZnHM JMgoyCCO6QXpBGmHU+bg2zXDKV0gtSBFRKpEiAoinOi4oDF+Ch0Voc8EfSroE3HsYxH6p6B/CPq7 oL8N++eFR+hfh/1zQX8RoT8L+kjQh+LYn0ToA0HnBf1RHPuDoPdF5O8FvSfoXUG/E6f8VoR+I0K/ FqH/EfSOoLfFsV8JektEvinol4J+Iejn4pSfidBPBb0x7FuApLw+7JsP+omg10TkjwW9KuhHgl4R p7ws6CUReU7QDwX9QND3xSnfE/RdEfmioO8I+rags4K+Jc78pgi9IOiMoOfFsW8I+rqI/Jqg04Ke E3RK0Ig486QIPSvohKDjgo4NexuQ6OFh7yLQUUFDgp4R9LSgrwp6StARQU8Oe9Hq0yfEXR4X9Jg4 dljQVwQ9KujLgh4R9LCghwQ9KG72gLjL/YLuE8fuFXSPoLsFfUlc8EURukvQnYLuEMduF3e5TdCt 4tgtgm4W9AVBNwm6UZx5gwgdEnS9oOsEXSvommHPINJ+9bBnGegqQQeHPasQulLQFcOeHoQODHvQ 2dDLhz2VoP2CLhOX7xPX7RW0Z9izAqdcKi7fLWiXoJ2CdgjaLmibuPVWcfkWQZuHPctxl03iZhvF mRsErRd0iaB1gtaK69YIWi2ebJW4fKWgFeLM5YKWCRoUNCBoqaAlItH94skWC1okEr1Q3LpPfFGv oAXiceeLL+oRd5knaK6gbkFdw+4EEjZn2M3MOnvYzSrsrGH3QVDnsLsANFOc0iGofdiNgQRtE6EZ gqaLyNZh934caxl2XwtqHnZfDmoadh8ANQ47W0HTBCUENQiqH3ZiXECnitCUYUcfQnWCaocdrB7V CKoedkxHqGrY0QuqHHYsBFWIY+WCyoYd+YgsFWeWDDtYwoqHHaxBKhJUKC4vEN+QLygubpYnKFfc LEdQtqCYoKxhB7NSpqCouGeGuGe6uFlE3CUsKCSuSxOUKigoKCAoZdjej3v6h+1LQL5h+1KQV5BH kFuQS5BTXOAQF9hFpE2QVZBFkFmcaRJnGkWkQZBekE6QVpypEWeqRaQiSCWICiKJcduyMMOYbXl4 1LYi/Bn0p8AnwMeI+yfi/gH8Hfgb8FfE/wX4M459hPCHwJ+AD4DziP8j8Accex/h3wPvAe8Cv7Ou Dv/Wuib8G+DXwP8A7yDubfCvgLeANxH+JfgXwM+BnwE/tVwSfsNSEn4d/BPL+vBrllj4x8Cr0D+y xMOvAC8DL+H4OcT90LIh/APo70N/D/q7lnXhFy1rw9+xrAl/27I6fBbXfgv3+ybwApAYP4PP54Fv AF83bwl/zbw1fNq8LfyceXv4FDACnET8s8AJHDuOY8cQNwwcBYaAZ0yXhp827Ql/1bQv/JTpsvAR 0/7wk8ATwOPAY8Bh4CumgvCj4C8Dj+Cah8EPmS4JPwj9APT9wH3Q9+Je9+Bed+NeX0LcF4G7gDuB O4Dbgdtw3a243y3GWeGbjbPDXzCuDt9k/Er4RuNj4auVrPBVSnX4IK0OX9lzoOeKIwd6Lu+5rGf/ kct6TJdR02XByzou23vZkct+cVnCqTXu69nTs/fInp5Le3b17D6yq+c51TVklerqxJSenUd29Kh3 uHds36H8dQc9soM276DFO6iK7LDviOxQzNt7tvZsO7K1h2yds/XA1qGt6rqhrW9vVZGt1DgyfubY 1mCoFZzYt9Vib93Ss6ln85FNPRtXbehZhwdcW726Z82R1T2rqlf0rDyyomd59bKeweqBnqXV/T1L jvT3LK5e2LPoyMKevurengU4f371vJ6eI/N65lZ39XQf6eqZXT2rZxbiO6s7emYe6ehpr57R03Zk Rs/06taeFiSepNpTI6mKnT3ArFQ8CQnSxuJgIvh28MOgmgSHgmeCitMWCAdUubYU2jQ7hW5KuTzl 5hTF5n/Zr0r4c/Nbbb6Xfb/y/cmndiV8uYWtxGv3RryKh6XN2zmPpe2Yt6FZcEkFT2unNxprtXmo zRP2qFrCHkocbzs+dCie5+0v21U2G7XZxm2qhA2n26xhq4p9jFuVhLWkqtVmCVtU7GPcongTFsSw h882z5nXajOFTaqeBtNskyphamhqTZgKiluJQiMUKz92kKJnT0M94dYRSo55qYaO0FuOzpsbj3eM 6El3x5B+zqIhet1Q1lz2mehaOKS9boj0LFzUe5TSL/QdpaqmeUPujq6FInz1TTeRxrSOobS5vUMP pfV1DB2ASDAxDkHSjnpJY198ybYd2+Lx7UvwsWTb9jj/DyG6g4XwhwP4b9t2hNk/EMKEHfnPf+I0 nLd0G/74bcTd//Ml/w8cof8PPON/+SMeJSiivdPGVVeRFaqDwJXAFcAB4HJgP3AZsA/YC+wBLgV2 A7uAncAOYDuwDdgCbAY2ARuBDcB64BJgHbAWWAOsBlYBK4EVwHJgGTAIDABLgSVAP7AYWAQsBPqA XmABMB/oAeYBc4FuoAuYA8wGZgGdwEygA2gH2oAZwHSgFWgBmoEmoBGYBiSABqAemApMAeqAWqAG qAaqgEqgAigHyoBSoAQoBoqAQqAAyAfiQB6QC+QA2UAMyAIygSiQAaQDESAMhIA0IBUIAgEgBfAD PsALeAA34AKcgAOwAzbAClgAM2ACjIAB0AM6QAtoAPW0cXwqgAqgACErKOLoGDAKfAZ8CnwCfAz8 E/gH8Hfgb8Bfgb8AfwY+Aj4E/gR8AJwH/gj8AXgf+D3wHvAu8Dvgt8BvgF8D/wO8A7wN/Ap4C3gT +CXwC+DnwM+AnwJvAK8DPwFeA34MvAr8CHgFeBl4CTgH/BD4AfB94HvAd4EXge8A3wbOAt8Cvgm8 AJwBnge+AXwd+BpwGngOOAWMACeBZ4ETwHHgGDAMHAWGgGeAp4GvAk8BR4AngSeAx4HHgMPAV4BH gS8DjwAPAw8BDwIPAPcD9wH3AvcAdwNfAr4I3AXcCdwB3A7cBtwK3ALcDHwBuAm4EbgBOARcD1wH XAtcA1xNVkw7QK+COghcCVwBHAAuB/YDlwH7gL3AHuBSYDewC9gJ7AC2A9uArcAWYDOwCdgIbADW A5cA64C1wBpgNbAKWAmsAJYDy4BBYABYCiwB+oHFwCJgIdAH9AILgPlADzAPmAt0A3OA2cAsYCbQ AbQDbcAMYDrQCrQAzUATWfFf3kz/tz9e33/7A/6XP59/6RK2Y4iQsdsnbxIic8g6so0cwL9ryE3k dvI8+QVZRg5C3U0eIofJE2SIvEC+R9646Kr/n4GxSzUbiFk5SbTERcj4J+Pnxw4DIxrrpJjbEXKp Ixdixu3jH3wu7oOx28ftYyNaJzHyay2qV3G3v9DR8U/Qv2qJZbyShVXXQtv4N32ke2DsmbHHLkrA HNJFFpJFZDHpJwNkEOlfQdaQtbDMJWQ92UA28tBGHFsNvQqhpTgLbQnXF87aRDaTTWQr2U52kJ34 txl6WzLEjm3h4R1kF/7tJpeSPWQv2UcuS37u4jH7cGQPj92NI/vJ5ciZK8iVXEkWMQfJVeRq5Nq1 5DpyPXLsP4eunzjrELmB3Ih8/gK5mfwnfdNFR24ht5BbyW0oD3eQO8ld5EsoF/eS+z4X+0Uefw95 gDyIMsOuuBMxD3J1F/ki+Rr5DjlBnibPkGe5LZfDtsIi0i6ruKU3wwb7kOaDk55YWHPXhLX2wxos 3YeS6d4N+1056YqdSTsy6x3Emcw6h5L5wO5yWTJGWuIWpEzoC+lkNmJpuPmidMor/k+xLMXMTvfB XtIyzGZ3Ie6ef4mdfMZkfRe5HzXwYXwyqzL1CLRQD3I9Of6BiXMf4se+TB4lX0FePEaYkixiDiPu MfI46vaT5Ah5Cv8u6MlKHH2afJXn3BA5SobJMXIcOfksOUlGePz/duwZtB2fv+ZY8l7DE3c5RZ4j p1FCvkHOoKX5Jv7JmK8j7vlk7Fl+lgh/E3spz/Kz2NFvomy9iBbq++QH5IfkZfJthF7in99F6BXy KvkxeYNaoH5Efo/PUfKK5jfESqZh4+VzyI37yBKyJDF9xdIl/YsXLezr7Zk3t7trzuxZnTM72ttm TG9taW5qnJZoqJ86pa62prqqsqKosCA/J5aVGc0I+90Ou81iMhr0Oq1GrWBkm98SbR2IDMUGhtSx 6IwZBSwcHUTE4KSIgaEIolovPmcowq4bxKGLzkzgzFWfOzMhzkxMnEntkSlkSkF+pCUaGTrXHI2M 0IVdvdA3NUf7IkPnue7kWh3jAQsC6em4ItLiX9McGaIDkZah1p1rDrUMNBfk06MmY1O0aaWxIJ8c NZogTVBDOdHNR2lOPeVCldNSe1RF9Bb2tUNKVsvgiqE5Xb0tzcH09D4eR5r4vYa0TUM6fq/I2iE8 M7khcjT/zKEbR+xk2UDcvCK6YnBx75AyiIsOKS2HDl075IgP5Uabh3L3/MYPA64cyo82twzFo3iw ju6JL6BDmix7NHLobwQPHz3/Rzz1pJjBZIw2y/43wg6yJE6YaYgOSk3wbHhCpC89nT3LDSMJsgyB oQNdvSIcIcuCwyRRFO8bUg2wI2fkEU8PO3JAHpm4fCAKy7ZEWwaS/+1c4x86sCxSkI+c5f9lDamz cDwypMQGli1fw3hw5aFoM1IIW5J5cNo0QyQGk8ZsOVpchPMHB5CItcwMXb1DRdHNQ+5oo7A2InCT rJa1c3v5JSK2ZcjdNEQGlievGipqwbUoIi2HWMawB2T3inb1niJl428fLY8Ej5WRctLHnmPI24RM ibUc6l2xaig8EFyB8rkq0htMH0r0wXx90d6VfSyXovah3LfxdfhDBvKrkLbPnS1PRrKHdFn6SK8q qPSx3EJEpBUf0cYpOGAf0oogy9HGKZFeGiTyNHxL8gymLroPAkpW0wxcDMalTTOC6Sjc/O9/eaSg SAAeY0g/8UxqPITmwjOJ7/mPjybOZg+UG2lZ2TzpAS+6KQL8AZN3+/fPqWK2SBoDj6Bn2TmDpaEg XwUdwWH9kArp5FEsF/2RITIn0htdGe2Logwl5vSyzGG25vnbMTfKHIM8t5OlZN5FIXG8WhwbIukd 83plgPlshlrjPF9ZtvLwdB6eCM743OE2eThySB/tmHuIfXk0eUMSQQ1C5mhjbYM3VDvLUVlb0VBG WwejEXuk9dDgyPiBZYeOJhKHNrcMrKlFNTgUbVtxKDq3dwryktf7y4J72Fc7SQftmNdYkI+2p/Fo lF7XdTRBr5u7sPeUnZDIdfN6h1Vwig409h3NxLHeUxFCEjxWxWJZJDslwgLsTt0I6Pn5wVMJQg7w o2oewcPL4ZflceIkxFGyfEQl4uzyPBXi1CIuweP68Ica5l+DLEA73BJZwbJnX9+aQwN9rHIRL7IS /9EhGq0nQ6poPVy5WvOQMbqyccgUbWTxDSy+QcRrWbwu2jhEvRTGGUGbdGgginYKRa4XLvI+lA47 K/2qrMjI+Pi83vRzwfN96agSi4GFvUOGOPoBTVY7zpvOMIDo6UMHlg+y5yA9qOqsZrYt70NdkDfE KW1DBtzBkLwDzmjl17DiiIuWI2+Qgfz6AwgMHegb6ouzL+1dy54oErEPkRnRWmS7uKcmxr6oqO+Q M1rKCjZOHTJmXcvIgGcjcFLzmCCC+DI0uCxFOjOefHkUh5YPRJADarJ8Loq6aEuNLN8QsxJNojq2 ksMYTB4kLFlKlsliHDIU4ob4j2lTIW6I/3R9MApLPA9dmzwB320fMuGJYpNMmbwA1sGhNvYs+O9a PDw79QV2m64R0h3djaaRPTT/Kh0OD1my2gbR+IvrTYiJVsuLcS99Foti9zgrYnUs5WbYXcmaNzL+ WPRS1gLIv4L8KOscWMEkwVMo2KTv0OcjhhbFC/L1n4+18OhDh/SWf3+BsJfeMsHsLpEW9DWEqNlr LC+DHyZR9ULylLqZDKr/SJ5S3gO+Sp7SmMki9WfkKZUauInolH7ylPYNxOcBM8lydQau6eXnTld+ R2y6EJmq/IQsVpeTu5VlZCF4QPmU9Ku2kCzlLKlg8fC7Xa18mfPd2hXkbhanrubnMj2g+j6uTSdd qqdJOsJ3KPeTDM0IqVB2kVzlQZKh5JI+5QS5Gj7GPFUmOQ0v5BcVH6HwILfAY3w1sAc+uRuUCnKD LpsQ5TOyAOkcAGeCLwG6gRnA08BWYDVQDKwE2PHlADunG5kh3uMhxIx55m0Ip5NmzGzTiI+ESArJ xnEnySER4iFZJB+lNYNEcY6KlBINCWBmmkdixE/qSAPBAhgJkjLiJpV4XyhOqkkJsrmeTCde4iAF GLVm4j2pRmLBdzXjXaJWkot3ioykCt/cRFrQe1dgbFtM9KQQ71QZSC2ehmDu8DAtor9VLVO9rHQo x9WL1J9qWjVHNB9rD+um6U7pS/VvGp4xeo2Pmeab/mTea3FajlkrbVHbY/aI/Tn7qOMt5ybnqOsO d4H7sGe95z3vbl+RX+f/ov+zlEUprwaUQEdgQ+DOwEiQBruCe4JnUh9Jq0zrTPtT6P7wtyI70wvS z2W8EL0msy6zKfN/Mt/P+jKeSANPxDblVczaFaSzhnSSWWTR14gF7jUvqaUnTniam/UFum/AdaYi ETjf9ITSpoRNrbKcDAQaoicrtDcpjrYRWnC8QXcT3MoNo2+NvlQ0+tZ5Z03ReVr05jtvvWP/6CVH TVHZO6+9U1JMHekODrdVpdO5tdGMQlVFdqyyrKy0XlVRHotmWFU8rryyql4pKw2pFJwpYupVLEyV Vz9bqMwe1ar2Rxvml2lCAZvbotWoUv3OgilZ9rmLsqYUpukUnVbR6HU5VY0ZHetbMn6uc6R5vGlO vd6Z5vWkOXSjv9BYP/mzxvppk3r9p3co2rrFDZnKl4x6lVqrHQn5U/Lq0tvm21x2tclld3j1OqfD nNO8ePQaTyq7R6rHI+412gmzRMc/Ue/XuFGaYuT+UyRz/L3jZjudGR1JitjI+IfHTYgxSYH13Q8T ARaVZWefFv5p5p+JHJrFDuebaGdmNJb1V7PJ7M9Iixot1Ks2E7PdrHom+nz05agSNUfNzrRuZ4+m hzQ0NDhraoqK+vsdvhoHpKPMfr7UUQaLx/uFTwwrh1ler5abPFtJV6xKNCMWq6yiws4+XVRJV+/Q U3tWOJzlMqg3jf5unWJ0RVPTsmxUT4fVlpTsUCQvYFXvpb+i35zqDVrVis5soHVj3zNYDGqNNehV D5usekXR20w3je5FdcaclqgpSleI16HvJgJhv512hu029mHBh9+MjwjSit2GhYmcgCeB454Ejns8 pnx2cj47OZ+dnM9Ozmcn5z+nKoUf6cwJaBIrg6WP4Uzwh8dwMmecD/77MVzCj+PMshGVPWF5yHTG pDIFsv9aUqLLHKHYBdJVPkJNR3XzSMP5Bl5ua2hR/zvcaqWvxYVAcY7Ha4SGUd1WdTQ9I1bhKK8s S0ep9LDyHFJoeaEqGnWwwuy6INU0XD17+Za2sad9ubk+Gtt+x/JSb3xaXsXilpyx0UD1wvbhs03d lSmzsqZf0vXSJ3W9TTG6berq7vo8TzhbfWV2OH/ens7CedOrncaK7o0qWjSzInWsP1o3e/TN2t4p 4bHq1KputG2D4x+qzZoQavGyY6mkLp60CphbBfzHY7AK+ANmFX4cVol/Q1WGtspPi9AWxmj+sGuu +jTNQwNWTAuPGuajSr92noEWieTbXz9bUpzltorKW86rpZYZgFVTVoE97hCqqqiuarNKo3cnlu5t 2/+Dmzvn3vWjy6vXLWwN6jWKWm/SW0tnb5k9/6YVVRXLb1nUua2r3KYzapWTdr/T6s7NDs579KP7 H/7smcWeSF7Q6go43akuQ3ZRdss1L+zb+/XLp8WKYlpHCDWQlbKbUcqcaLd3JdIa0qmLlRwXKzku N9LsciLBLj9S6zrNSg4JiBITSNqGM84D8xIDfu8Yzg6cxjqbAbYxD1u7giM0dlQjSom0xWuyRPSj SKguKhK6SQXg5vlf+fDw2Ac8+7Mef+/+rhPlm5685pmj+57cWqO65/FPv9ItMnrBl9+7e+2Jq9o/ c9QfeIH1Z0iZsg8pyyc7jwaykzkK5jnKGU8N5k/Nj+Ops0dUjoTB4Iq4Inj4wAjVJywHYvRMjL4S o7GYNmUE6bF0ZYOOaidKff+WrcjiIt6M2EWySnk+X5wsntHpDlnoo0Iq+9RGi370dpZC1Sq9Ra/R 4GNMS4f1aBrUBuhZKqq3GNXTnUGnXqRW7wy6nUGHfmydwZ7qcgbsurESvSPI0z3+iTIP6c4mi4/q XMl0g3m6ObNcTaabH2d5i3SfsKSRUJoOSTvmcqVoR2jOsYyuFNZAJnukorOOZDVG6kSmTU6M7G1k xVbmIWG6MVhPh4fnOqF3RwL+DLceSW3lsWddqUjFDJ096HEFHYbR3+osOo0GH+qns8PocliKFo1/ oN6tiWBs8UgiLTXV5mcl1M9KqJ+1bX4jSqjfjlT4We5ZyPPZNJKdyB7IVrJtyfSDefrBvCaDeU3m x3GlbURVeryonJb7R6jxeEZGTVH9aWpEH2+kucM1c90jNP9oEeozr83oJFgHnWznXuvvPyvyHNFJ u1xUmyurHKy9Y7WdZ72DtYCs8xb1X63erdabdebqJQcXXvLkzoaWPU+snLK3Yuw1h0NtQB9xr8nr NDprFy9bUXLXH788v/+J87e0X7myJWBUL3GlufSxwtisQ9/YtO/MVc1pafTSjEyYUa+3pzrHXIFY Wobf3P/Uh3fc88nQYCCaG8hg9QJ97hz0uUVk5HhDCY2akyYCcxNxhlnBvGrw4zCRmRk31ZdpYtY3 MeubmPVNzPom1j6YWB/hIwkPOpaEi33YHXQmSeA48bFNQjjA+Fkc8+V1owPJT9jOmOkrZmq+uDcu 6t9yvoGi13iN9STJCnWhYvWjBRUDGwyJJqSwpsqDOCnVc/TudH8g4taPHoNKYSVP787wp6S79apO XhahArA+ipxZr6of/abU6p9LNfqJSit1sn7RXtjPQ+acbPDN9j3jU0jShGBuQs6wDZibkB+Hhchz aBON42dOwhJGezcffCCZEw3hhXTJFNBe+dwGT7qPPffE0154QvZUuvEP6G/wVDkErjAimuj/q8dJ w+M4aGeaNdptOE1LMej3o+/SJPsutGoTj8drfEahNllueT+FXlx0Vh76m9TmTd2pVYUZJp1GpaCH 0qdEC8MZxRG7SILLQFs7DywsMdgcZrMjxenFWNLmtDkKu6YpD8D6alYLku12B1ISIDNOEY9ICXa+ ccNyhmHB3LBg3tl4UDaPE4Ot2zNC48mGmRadk4bldhVjjuTT8nZL6UDrahg968uVhYK+woZjHe6g y4B29mmZ7Z8+bHCkJvNeG0fbOoU8lbAP1G+uV1mKi31FRcZCv593fKgavENE7eCMZwXzZ+XHUQgC rB6FMkvMZiOrSUZWk4ysJhlZTTKymmRk5QRjtEQKKzSZlV0mv89S5C8p1IZzusI9ctja4MSAtQwV RY60MGqVtcRR5qiZWlRWxsaxk+pLlLKxa6Eqm0Yn1Rw2hwipfLSMDWiZ9Gjjenc4xZfu0qvGyhST J83tCblNqrHpFLUmxR9x6fKDayLFmX4D3aWh15gC4VjKBlvQZb5QPFd/eofOqFPUGJZgonC3tKX6 cF6mOZAT/GyBcjiUl2IyuNI8yVZpv8ZBppKrj2XbbO5kjeIMA3GGjcAfshEYD8M4bm7MkLGwsJQZ s9SPc0v9OLHUjrNKmTFL2Sl2EqruNhbastUprE9jXTeG/b4aZrxk+3LBdkWwGS8ywlKxWHbU6/X8 G3uFFF9ZjI1kk6VKvd/iCViqAtnRqGdsTWRaqkql0rvCfn/Yqc8PdKdlh9MctDatsrTET9Glu8Ip 3ohTP92NmZEprTRb9XbNZXUz7mr/7C8TneCTORlGX2549Lvlywf6i2Yfma36BuYNGBWgqmD0tnz8 vPo9TToqbTbZlwi4mQ3crEC52dDNzYZubmYDmKksYYhgVn0AM4tQ0rhgXqvAvFME806RH8dVodMY 3hpJCrpA29woq1msWcBAf2IIl+wCL/R6sm3gI7hJ41n1e+23v3XHbT+5obn9jrfuuPm1m1pOZC/6 0ubNX1qaG1v4xa1b7lmSo7rr/s+OLl1w+O8P3f3JM0vnf+UvT2z8+g2z5t14evXWMzd0zrv5a2y0 irHNi6h/qfAZ7D6aqU0mBMwTwhkJB/Mqx48jIVpWBHyONGaeNGaeNLvZQmemsflQGnr+YeLIQr9/ TKs1I5mmY54u86RhjyggsmIl03px9UG/rp40aFVeTOz66u7bDa70FNZk5wWoJ69z7YaZuSfqFvTn P3jvrNWtmcrtg/dtnDJWOFEvkNU6X8PiSxfMXlduHf04Z/pylsOstzYhxZXwldyaCNkLHVV6PHUV S0UVT0UVS1UVy+Uq5PLJXDYLzG1wMJNAcca5nGEaMDcNmLecDphmOLXQjpHus5sTNJHwTYUFTqR3 +ZJzYzb26z+PaV2ymsi2BoPdZC1hzYlSqGDydqEvZlM7ry+kJCd3PpfXS8tj2bFYcoqnNmndmaFA utuk3uUpqJ9Xt00aC7M8V8m0QMe2WdnRxsU1kfKCHPd2q35stHlOSkPZrY83L28Mo5FBd2FAFS8p X9AQHf3ZhBExaNQolur5m5qmrZ5d67bGp8wqGft1Zppy9cy1Pp12bGZ63Ry0NtPHzyvLUW/ayLun yDQ4G2xwJUxjJoOJOMN0nFGDwNxU00ZU+Yl4acLlpjNLE+gzM0szS81BP7s2yBrwoB1XBVnDE2TZ EXwOOx3Rih8L8pHAmWMpSXYLftbGhkfmwtM0G84vI40lTI5IFa1KmMx0JvLnTMLIVJWjyuGdglH5 iWlBTe5c7wjNTdZDZMF5B3NdxOP99vN2VMtJ4yU+GZGDp4kKqpYVVDiNJjrzz09Ctcrypl0P90/b tKDOZ0LHrLeWzdnSXt3flFnavXbjmu6yurW3zosv6Jzi0qpVitakMxU199dWzikPlM5dt3Hd3DJ6 yaIvYKoeyfBnheE90mXkRENVc8qqZtWVlNXP2zK76/L5BbaUsMvk8LucmJumRtPSihuzKmdNKS2b OncL8siGuv4GSn4GWXnSn4B5/Q4MaM4chyK8YsPYvMKjdHPGAfDFFZ91pA44O3DMoXWyKU1asm6X YuD1EXdUfDtuPxtPWmjSeDJdDtHZoF15g0/E7pCjsbE75ERNuYpP0/g85tMHJgriMr0j1eUSri42 cpg6/on2bYxqppDVx2JTaOnI+D8TTSx7s/AgeiZyiihcWiwmi2b4mcjNoP4IEwUltKCYFmTSgiit 6s7rjhablMnuK/RjDejm8cdcVsl/WRM9PfdXsT4fPqvKST39hT6/FN4tneag2p6aGwrHU63qsY9U nyjWQG4kPT/Vpow9qaWOWCSc6dKpaJRSt2JwZ4VS090GheaqaJqidUXTQlE71cSsDtY7OazKjz4r klp9xAfXl6K3mj49q6412dhQz2b69DvqOiO0xhrwsZZuMepkg/J9eI4TZCgRsTWGG4saFZPBV25G jSpnFaycVatyO6tw8Dv9I4FJbraNUDNhrSGpZfUXp4LfY/WYMy5gzCt47YhKn3A7fN8m5fZyVd2Z ckow4ysvnJY3QoMJ2ysZNCNDnfZ+YfvUX5o71aQo6dPqP88mfP1blvTLju9sfEl/TZHoEUrRDC7B CIt5BzEWqBBeQl7NyiqYH2PCLVuv5kMrnfDzeMtKK6uUBntqMBC21t3aNX1bV0H99sfX7vOWzKqZ OthWYtajo9cFG+evKh+8bl7s0ZuaVzSG++ZM2zTVbzajpzIvbGjNal01bebm9qzW8jkVwbRomt6e YktJC0TTXPk9++ed9RU05LbObWyGde+GdX+i2QI/PUZYJxoaqDG9MllZwLzdA/N2joW5vSpH6D8T QU+cDSPiEVg0zuwfZ/1NnFk8PqIyJgzEY6ysSFdrikeo5tlYe7DVPrMG8qimk40VmPPAh94jOcq6 YDPh9WF9h/R/XRhHOYRfVQ4idA4vrFWvUn5StvyW/nhba2s2/B8eDJu0OlfEn4IxVE7HjBk5y25Y kPO0p3x+IlKfaMlu3tdU31uVQt/dcfqqVkesNncjKqdajZmGppr3H/gY/W1uddQ+6+DQjpYrV0x1 5jWWjt09d8GU5XtRYxfCYhHle3DmXX80lbU8rDsFv83KFvi94zAG4Y4jHOAOJdgEzMdQFxxK4++z C+BYMiUsRVZqTXk3nDBaZoQx/1Udd7UrfyhhrZrBMqMkf4RqjxpgttHX4szREL/gZDiLlkq4lD7n OuTBaAba79CE41CJqDS6lCkdvUWDd62smLbl7r54V3OF36BVOS227Ck9tbsuT0/0T6mZ3xA3syH6 I44UhyUlK82Z2Htsx9XP76mzBzL8VpffmR1Oz0k/+fSCg73xzHhU74I3RkUGYJf7sPsxBm/pDYlw Qx01BWtY7axh85ca1gfWsNJRwwpLzWnshSekSFitiJUwHAfz8RpnXMTjcXYRK1BGV3qrqSY7qLai WmqG/e2o6upj1k4sxKEw8eKEUbsYjcixO+rghUnO5CqIQcjE6FzB6GPSkLRKuU/nSHWzZYnpdy9a fuOCnNJlty6dfTChc4dZmTIcbrqsuQElCCVqWvrURGt2iixAuzrndx48umz76aumtzSpTHK0PtqC srNsX6L5ypUoS03o/FWkH9a6G61aHOtaTyfyiiobKjdVKi5Wm1wRWMnlSs9nI4Z8Zi3hquftG8rC xyea44/GVcwJfYLVtnJ1svCBeRnjYVwGFg2cmtkvPT3/xQPqW9SqM2r6ipqq1alFv4y1+98fsG62 qqyG91N5AesX/nrhueTGLH0zLobzaOzi6A9RQbXR9EnFCvV0cuFTebIruUF1yt3ZKaPDodbNXYkV bUVmnUmrqBSdqXL+lsSmx7bWTtny0PJ1dw4UHFYu3TV1cX0GJkXZ6R275xd6Ah6dNcVpcdnMphS/ q37PyJ7tp65oad52b6/ryjsKZ66sYj1nFnbCXqPZjZ5zxbDXziogr3jBZKvFmLdWELzvB/NmDD7n j4eL87Ai9ErCyTxRWcbzldMDsfPFMyIz7TPYBPB8KZvLxM+W8YHA2XgZvPNJL4fwxnt4iw07TBrb opmXrTuf9qlV16g1eq3OE8oNZpVHrN/Tmwwap+17ejRNmCjrL7fb2QDq8uiMDe3RxkyzXtHYXD6r xmAy+Mu6apfpHAFXZuSzP8Bjgn7RpFc8kUxXwKHrX3Lt/FyLzeyCV1chFWO3K9cr38U66izs3X0l 4XEWTGe1bLoehWd6xO6iM6eXNWBUwXpAMK9f4LefZYcadLMhExabk86cHVTbipUynY6VJlRG2OtM wgJRUKYLBnVlBWpm40Q5ChbpZV/RG7Hjst68rIQJnGUr1inV7T83z33P4xmoVn4/ZUZepPFn1e2L fhaZnVwGauA95vnXRdMfLzsXj5+N+zBQZUNVB/oD+7k4/ovLD2Z12BiTbD6DiGVr0Z55fcn5g/SV VqF7xdom+2SG9/owxcCkYqI7ZQtHsexsKyYdoru43mW7Ippa2n9gVtXyoNM3rfIPTZu7C8svObxl w93L8u3pJZGSotKscGb54itm5k4PU7vDMTa2sr94epFv5aKSGUW+uUu7fh/J9Ruu2tmxsj6obI+G MxcUzdo9Nz/N6ywMRQtVRlX61L66+s09JVmJvvL0+uqylJSZ+VMHYln9jZ175hUY9OljHy1eHalu y+lbFa6aMbqktkGlTynIzfFMa0orrmfl+26Mcx9Cz1xKLj3eUE7zLrjkkwV7kq+e99Mu1i37QsLx yhpe4X3lzYaJHTMKnyu8K5jWaU8WtGe2pszkzSfrjdEZJ316ojO+qO108BGLVjdpKpf0bTjE0NGj PKR3ij7XX9hWXL+vGUHuEJJd8fRb2hbunZmeIsuzyta5pDmzt2f0Bhkzuf/taJu66vpB1lJePf4J 7dIUwa+aTm482RCdHd0UVbysMiOJYF65eRj+YzAvvGBe0nk8Sqz3NPZgpMJtyC31r27CpEnhJvzn s8YwWyvFi/L1x1Psbdw+r5+PJ7uWZM/C2sF/9cq62Oo7K4wohbT+8wZw5dfVxhkmTKBcJf2btLg2 L7cGkDm/DzlfTu5MmBsqaW4JLUk4aScGBK/wJg2CjzbA77N6zcNIZclpvBuXQczJ1Pxnjz0KQ8Bb UEBYQkWh8GaYNDltqa0OWSAwT6RFGF5gPMtbwdK3+aSITSdkwrPpvykOybVvj1uro9TrVfbpXRmB YNRv045d9XmL0Hl6Zwrc7hkeg8U29hzdaDHxKbyisxjon8cs/1owPnuV7jRaDAq6EYPZbx97bizL 4UnajNbDZh6S4N73Tdz7znMbzRYvI2xsxlYgwaJnIMjt40Z7K8/iZP7+23z917ycyMILZTb5FJpX 0KvPIe8ngk629MRXSGN8/pbNJ2+bu2nrpJrLnwhh7pThjCwB88Ehr9GhkBcFPRQqFX5gVrGFM5hX bCN6s5NzmNdhTj3Gljyhk8aY/LYI88rAGZdnn8ZLiKXETrXDHe0YbmoTlmnt9a0F1W0FMycaBOT/ ZJdeTdK/g20nScc/ax/4q9OyOGCczqY1FzUS/xKRbDU8yQmnGNB7NK+IxsOld+c3F9Zsa2GdJLzM Om9+U2HN9om2ROtM9XnT7LqZN7dV9zUX2wu6OqZnLtjZFp7ID1W05nOtyr/GYGpuQhEymPS7emYH iqbllDTnudDczJStLnKwlNyRsIkcZNmYbIA/n0vJdleYHbmWzE02PQqZ2IhXLIWx3nLyehj958lk U8wa4oSxoD0vJbNNmt4Jw0+0xfGkfzFp7f/N1heb9j83yBNG/GLn/6FBvshQMNAAa4/Z/OctWIj5 lh9PpDbk0hwnzXXQmIXGzDSmpzEdzePzf+4vhhHAvPyBebMFvtifzIanoSIjNU5yVLOR8CRH9XN4 Axc+s5M20rkZ2YT1djpsa4dXVpWcULI5UbJkyhVY1lYl/+ToTbq55BRSTo+Ut2q3fXXrpq9srKzZ 9tQ2cNXTwfp1s9vWNqcHG9bNnrGuOUJ/u/HUNR2N+49vBbeD97VduaymfOmVne1XDtaUL7kStrl7 7A7lJ7ANm00fYLPp9Eq2MYn1VGBeOVmYN+IQvLigBqPb9oiJNJ9Sc8+hmFP/25l0m332f5xJ/7uJ 9L+20p7/PJG+bUlO87REpmyqUVjcnqBTlzuzs6tg2SE2kS7jE+nW7OY9TfV9VQH6+51fOzjdnlEe HauX82f171G5sGnJZLg0rz7XM/OqZ3a0XLFiiiu3qWTsHux8XrGPzxhhrfuS1romEYS5wqY4a9/i bMYoDMAbuTibLeZhJz8vNmXJ4gTmrSRY7lXiBsWeJMwWPVltpqnxsNpeyGaLgfZqNlu0d2owFv33 s0XmsJlwPlTAUyXHl9wzJguO519niwY27gm7dbntM9qymYlKl9+6NKe1ZXoe29bmTnXo/mXGOHZc Woqey62J2uSs0ZFVl7tBmm7sb2LaKFwQmDbyMaHqMVisjCw/vrmCxmzJQgXmSQeLwsUEK3U2Vric yWV3dBKEVSsSQJnLShji7TGbJ9LmYRNo3tzzDl9UosnGYCPpfzPyE4VIq3pMpTXo9b60TE9KcUVt dFLJ4W111rTamjRLemaaWa1QZZk35DAYDHp34cyq0SHZwV9oaA5WNmfbFL3RaLDyXStd4+dVLyHF beSlhLmoo6FjdsflHc90aCY55Xm14mE0s+AzxzAQ5GG0PZzRgE8bob9MhIVnnhWxICtiScc8DgdZ Ex18Di/ls+VVIwLEnEA8hlBnEjHcr8H8jFllLnyzyvgHxxzHgGOzQxEO+F8w73u79z3h1oIZhes9 6XjHRsFJCyNFSfeEmEVb2V6F/2vHu+qlsiVXzipe0FLsNaqZYz3eML86r7k0mJ2Y09OVyM7t3tud OaM216NTMDoyag0ZlW1FeYlcT06iu2duIptaW9Yjv30p7sywC/uCgpGgM1qZFSvPCWfE6+dPqRhs yzc7PXazzWt3pNh13hSvK1qcml2RE8nImzKPjW7Sx/+k2qD+KnbeLj6eSxzRgmRF5AybgnlegHmF 5AwjFrBCaPZZCs5HZ6RZzvtmlKAuHtVxP+D5c6yzK0suIp07K5xZYh+M4/NTapVn8sSbT+ZY5VRt 0NsjuYW+1hWJtP02J9smdZmcdbzLvKVO27tV032ZqW69xqBRL0rLsFsN2iwsJamsYk79ulw8fV3M useM/UsNRoPG6mfpvoN5tpSvYUxwG/xa5dSUzUpQNitB2WzRLZs3UtlsnIANYB8/S9hwjISTVRDM rQL+J2/4mWDjUHaCjPhQRNCPEwZXQVu2SZPShoGZ5oJ7i9VP6d2aKFKskk6MCKR7a8Kv5eA+Guwy ksvQcGw50zy+NIe28y7e9evcwhXhK5pRXL+3BQ4uzNichonB1K6eWVNWX79MlSHHS6N/nb20Kau3 R7VDxjD7ZGCmuhf2ySe/PoWtu+jN2OJEmK9eZIVpSIgQ5ZMyJJzv1gDLxXo5cHImWzEHDJOowglV GFU4aLad5mhoRg4ipmbQzAyaziR2JGam0wiPjdDMCM220Z3pNJ25dQwOz4z0CGotQu8lDGgG0plP jYXYdAn8YcKMe6TntKWbAm0m0QDCvnyKQ+L9fOQQ78eKSX+csiEEP8BXUOJsKKGb2C4xsV1L5XP5 qlyiX1X2UpWiGjuntgRyQqGcFKybvKTWsIV9X1oU+4DH1MqnKvgzg76QQ6c8qDYYzbrPnmD7fNV6 q1FZYHYaFPgUsVvGbBgNmM2q3xngHlLpTczaFeOfaK6CtVvIW6ewYHkmMRVJg+caq7vVtIpxViGN pdNYhMbCNBaisTSanUpz1DRXobV1tK6W1hXQKfnUHsF2I/wcFZ8wM4b7GRER3MGO/oNHM05gTbzT xqJt09r4ecyYDfbZ9k32y+1qe8LpnWEva8tqq70ln+azY/ms1bS7vDNW5+/KV7Ug1jfTwIz8E2bJ /rMNDedgS2FvbvOSYsKszE3NBFuqgqExhUwuVinZukmrVbIznmTySVJzlVoz9g/F4ssJhfNSzMrX VapnFEsAK1jZCI19rFFjduFLzXDqlZ+pVC+qDE4Ue+zEUL2hoq+rsN4c8GMLkvKgzm27kCmqmwyG 0W0Xssjm1hlMyCHMVEcDBgNyyIKGF9P5Ub8MqfQYslKSi9rRgfwqItecIiUwjAMlD0t7tLOQtRh1 hdSP8vgsZLmfYh8cbxtYVeFRXmpgpTUPhwm7Zgqh1VFaaaKmCJtesFwxmUqKc9uiJkdam5y9s9bC 4aTCYQvTUmZ29h8+sGWdL0qx1fkLO9YvrAG6eCFmC39UadK7ssOhqMek/ukbapMnAxvXHdRA/WP/ 0FNXdiQt6jaqz72iNjrCwbQsp8ow9nG+1WXWYHauoyvH7gUpGrPLSk/Sx6wui1rRGnVjR+lskKI2 uW1jS1jrgVHgPtgnk3SfIkGktQLJrArS3CD1M+d3zE9j1kqrKttAA6xLrg3QlGpwXQoNt6UYXW3G DvVs0sH8thjFsPVOpJKVJFZ50xWx7lblwm4dGiufWOd0cVeh161Tle3WlpQGIg6Vdp/Brow9r7dn hkIZboOGUuWfWkdGJDXToR07YXdozG4rrVE7jcpij9+qwZZ8y2ih6nWXSYN+womU9GFQ+wZ++yFO 6k4RO1LiZbtJYnw3RhGOlxuaDSpDlgOTlmMpM2zoKzB5wYMzdzNWe/vPod1B9jBfJ9uUxkp5Fb1o iyjfNkHZwrPqDa3eqh993RNkTQa9aexyu4vtWlOpTQ4sZyFubAc9jCVobSs2fupS0zOsXm+KXbUu PQv7g3Vaq9cRsfp9AfvoXdhjy0bjV4//XVmgWQKv0wwSS1gzM8MG9zGNptjQXMucYfQoft8NI+c3 2Zsn3I8rfOITr5woMZg0uX3gX1Y3Pz//UhaULtzfqYtme0JOvZYanKlO77TFNYFIYrCxdkEi16iD 11vrrukaLL/knhXFY2cN/txQJCfFYEjJiYTgelV+1XvdQKXmI5uNVTqKXs2ly21eXFqztCWWEvJr HWlef4orHHBOXXPjZ3Xp8aDJFIzjxbwUkymlAHmRN/YW3UbexhtJxmGTL5XYXzsntq3odKLJqXLJ VoZu01p9jus1FleKy+EzUvXVJn9mICXTZ7o5XF5YkPKSzoi5DnsK14FgxK7V2iPMnqfH/0FvUu7k 8+TgUYKtVntPGkNRzPJtWGQ413CODXvkhmm5pwA5OzFbS3bb9CakORzJQbviz4mEhQ0uCiuRSD5L X34ko4BxwWhOuohAgtF9BPCqGyVfxPNsRIpNxHeUbZQ48yzaDq1BQbuMR4m/wJI/yX25sah+SiHD hulFhS0Auwcde1cxar4BL5v+qF1DirCv2Zc0V9Lvp3tcbXGneVLSnWqtql9tcYU8WDNTaz6yYElf Z3FZtHstNgOs5bbgfi30uKpQNRXviVmPE53pPBbXMRpETvA1JuFK5aW90OkYW+LEH30EZVpDP84O hWOxkNYRwF2uHnuM/kVzA948y0h4FNaoKmw4r/CKp3jCpqtJQxGsjbYPd9biZQqnb+K1nUKF1zPR cdM/Le1fukhDrWkpzoDLrFR2V6eGa7rLKHbTe32pdpVm2ffG+l5/Y2zhD8wOkwYbgDWrfvTTN7ds +eXPXl2N95zQwOFdXUr24InexROlk7JTxImpGJ4JoxvuBWF8gjUMTjgiz7BGHvMx8YTxUvGIbITB zMreJap0VpSrslndQtnweZ303dTqrkrFjHc3AmkWqlm8ZMkStcqe6vNgw7xq9Q5VypY3f/qjVVh5 UmnQFHyfPvbG6/Sx7xnseAtEq1WfG5uN57tBWUVrNDuQj4ZhjX06SoCozHzKqyQLno5m6Gx+pzPF qvMZscvYn+4xUOWaiZnry0wpGJmw0o47qu7hd8wl1hOaYGw6u23DuckF/MKN+XIOhk4ixutRHdTa fU4nnMQ+o5t9k9tAx669KK449vmvZqtneLtB7BDWU/44djvWxMi4RbtbU4jfpWG/HbPu2JaDfmzj 25AoKTT7C6rJXn+Pv4e0Lt/+TjgnXLL/A8fCD+bM6dCZDxZuydQ4wvi3ZOoH66/q6vjTEhTHhtew NIIlKqxOlbKWj78DxvZUvXCWRb9g/9Hr2Gv1DsBNyGcuWGtKTu341g5fleh2dIqWzVkw5WNuUetF a/NiETWTL2JpWVZr+Kq0OrlmVUW1ux2x+oW7OnNbK7N02NbQkh5vLMv0G62R6rlbZ0bqKksDDnVq DLmlUfXZi5tyG0szvMairc/fsnPkxhUteV5d2f7XHm7buaASc0ONimLDQ83glbNOj41+eYYpXN13 +Vd/ddOjf7pv5ujXYnPKMK+Meg0VDf7S6obYp58ptPkL1+xaWObKrMnKqcm0O9KLsboX37RzS1+V LVKc3mu1Yjuvbqx8wdzc1v7V60sX3L9rennf9oPXX745e9PINe0OF/Z0+xxWp81sdLutvY/+7gvl 19794JeuXVk7+5aXzySac6d1z+8Kt89xRGuyFfbm1YJxk3Kv5i9Y0yw52dndiXcuM7qxF/HkgixN Q01ZVwZ73wY1kBSdKzvfcK5sYt5tTy7VTjTjVYUa2ZBjZw1Mr+X1PfkqpEcX0onFRZ4l7D0rrXLv 1M2PrMAvllpT3L6gXaPyFXcnCjx6NVoeS/HsrXO+cHtl35YdW3orCxff2O/GeX68CGlTe0PTagod OrXChjmm4raBuqaldcGqvq27tvZV0Y1zDi6p1vwMM3c1XmPR/1Tr8vo9GSEv+q20aGjzQN3smty8 yjnb5jVtX1Cl/b4W/jPs5tV/V8GisN2KquFKtesDoUCgqDF7ypzqnHj5nG3j49h1YVIe1fyFakmN gZDUU3hl7cwxm6pzEG0Le3GP8TCcpmhYUEsz+d45N0Yq/aQmkTane/7Utl8trNAuLNct+lUozxFa iH+ZTd2ZPb4LL0A6ytiLj9hDzgkDLN6ZR/EqqViXjSZH5lUu8QZkoarKNTFzFwobyZNTI4+SnlQ6 dgMNgtjNh8HzwZztNpdWb9FdnUe1aM58IbuW5o29n6fS2FJ9fhbK5WeY9dfkXmpzuWzX5VKdI+Tz p9rUedSbTfX2kN+XZtXQnG021+jRHGyuVXY6/Dbd2PFQBucn2YCUD07nj03Saeyons4MRaIhOg3n YDeQSTv2jck6PDB2HLsyYcNL4A34Ot46YuOku0+RdozofTD4QDuN72igqxpoUwMtb6CZDbRhRNWU cJtTU817Kui6CtpRQWsraLyCVuDAs3BjR1DQ2UQL+cQWp07iNqQYb72MjH8CH5Sq01w7XlysieGH GoZdfc0j1HNUszS5lM76yXg/9nX297/DZ0zYnWEXCk0uBsCiiWXuJdYGXbSPU/c5729yL4fy9fL1 h7d07Vs8NcvuLJy96/DGrJmJfKtOraJYbTPFKjvL+q/pyVUC0zrnl6y9pS/2tK9yYWNWe0tDIL1h SUNiSX0a/XLPg5e25bSvP/TokrlPPnDD6ikGm9NksbmseBVNb3VYZx54YrEt5LfVrLx+oHZpY6bF F3Ze8fTaguKulWw3Qzds+xz237KNr9PpladIJXORYI9GJTrN46zTrGCCxXDBYsplDBcshjuI4YLh DNu2sX6WZVEbLZb34YJtGJwc8zbrp4vxvw1JpLhz+Oghh7t2kpptC88ZUfkTgZAtGkIq4MLgHyF3 yFjNz69m7gdPGibk/MJkJLuw+jlVE3qm11jlnJTpZ44ld/0md5GdYV5bNjDgm1ka8bgJI0tTYzFu yoLcY8QFj2bFB3dvZEXNYWTzI2PFVE3BaEpfy+hEYcFKbnJphG8EjicDvF+Lx0Fi1UB8stLD1/XQ ZMhixN9JqxJDJdY58XlISFHEgh9bRPFVVrLXc+Uui0rluSlbDl+y4oGNtTkdG1umLE6klyy/e9Wy m/vz2Raz6Zs6sn+aVj23Yv2mYM2CKSvX52W0rG5uWDo1fPVVBw7SmfMOLizM697dOXXV/I6McEvX 4srmXb1lRV0bG8qWzGuLRNt7lqqW5jUXpyzryW6aUhMu3z/6SGHHtKnp4frGtvzBdZegns5AWXqR vwMRx2psyucWqbLkIhWclGcSWax0FNBJy09szdXNPHxulnlu9pq0+7QKA2kSEc7NCPKCVVwwX4UA czcf+D02soZHCv9r0oKEwcher0gQhS38JAy4osg426gi3E+FEN7z4QWCeZ0hjAS/TIUtSka8WsHe PZCvVrDZPN/RzSbxqOgsc+TaIHMnox0Qf5+faWGlC2OSiTeI1cqLRRuGrtjz2Kp48fqhA3vBQ9Zg fEpncc+6qejBVs6o7pmKuYbq0J1/Pzq44Il/PHTHPzg/NXjPzp6qlDk3fm39rT84UJvZtGTr1Wi+ nka1fVDjw28y/DaRmRmimWk0M5VGgzQzQDNTKJu8+2guXyB0Mo8Fqht2FTFzF1PCTEtymVcOR8Dc oJxhfTA3KJi7RHLZyxrWEHY+Y8u3iX2a4CjkjSeY1yvwGXarSfFnmMMPYZgeVzyEX0pwYbt3w7Fo dy7WXnXinbDShlFMgYRN4+ewJ0ls/Ip/m1uWCBegMG9ydp50+6VjJq0VG4+qskSr6sGr6tgX/qAW 77iOLtaZTVotXtWl1k/Y3i7siDfQPLXZ6XfC0ap9X281aJqZN15nD+BtXYdB+emdRrUl5HP47Wbt 84oa+/TQFX16swETHVh7K6x9H8p0PVanLbmVNB6iuWnMx5dgZuXdUIJ62UZcL2+OvMxMXhTDZ8uy 8I/UJG1d8xx+oNoEY8E4JubiM6EkmhzVNZFIDQpf4bNlXm3hXDtWGXOkhcQIi73LzNyk78TPseLI WwzeYHDf3UXGYc7Qz2105gNb3nbo+Ob5+zQGm2G0wuqx6RSjzfzpgrU1ztSKOeV8mzPrh/Giu7+u 75K6JTf1F3qnX7PpnKoMO8Q17ezNAJ095HWHfD4LNS6+bfeyeLyzNiMjJ0PvDHmwhGH1ZEb9FYv3 tNTvvfmZra8bnHw1aTXahNtgv16qOYWF7DOJVFYSF9ISPUxWwiaNJdxuJcxuJSOqioRx1tzYrFl+ +JJh4vcSMZwSYy7OBGJjCcUaZFeK1SN+ZZBdia1zvMgGYfkT3G2H6o6tmKjf1mSRBfPSDj6TcCEb rHUJ3LaOOVtnFtVRXpQRwVj0AHWOOocXW69NCWPb3Py/RCKaNvbSh2nipY+i8zX2ifc+0HQzzyra e7G0gukL32WHbXbJ1n7SKAFDYmxZCok3N1mbPrH0+W/8ORcy0YMe4Lb67U9eMm1Lb61Nr1WsFkPF 3E3NjSuaM+JzL+3ci7zSaU1Ww5bGtW3ZgfKuitrBmaUYG+sUzJxdtT2bEguvW1QQqV9Y17RpTgHd 2nfzqipPWthqhQchMzWSFcmo7ymt6k1koHp4XCk2XUairyqnrTIczYlqbEEvm1K4kM+F83ZMn7q2 q8ak0lXMYW1/Mca5P8ZbFXlolz5N1DKHeAHNzqeZ2TQzRrNSaSxIo7yByvLTLPx+hJfGPDTmpjE7 FlVppoZmqmk8yIYLZxJO0VoVeP0QXtaIwTvL2x3GJ5F33tRCvCk1/lkiDWfYWfWzs7JkZ8tEdtaJ 2JlTws5++SCbqEVbhc25r7DqxzbrJow4rFYXF2UHsVqNDFbH0+12Y3q3kY3CMbJz1pSxEbjw6MaT q2VxDMnZZkm2ARxd9iTvuewL+FbdSVtU5asr8gdKWFvlxYsb6cqP3c7b5Buco++b7Rb4Now6+qrG FcoPpZeE7Lc5PGMPq8YW0cfo5vTY2Idy5ZbatRh2u0IpPovixFwcPxFjMXz2najq96P4gR5KVqLG 3YW3derJCwlLdhXNruRbRBTeYvFBWYJWJVslMH7VBeW/ir2ekwPT58CUOaxe5Fhnl24qvbxUKf33 L+s9hzcS2dvNrIohz9i+aCx6Q51kYzyXy4+Kk58w59f+NZKBtzk0+V14oX9S1enHvJ5tbaL215M1 5mz/a6LyCOMy6ya7Vj6BvKi6ZHC/mfx9A2x9w084iCm/clfrgaPrp6yfV2nDD+pgQ4TOmDd97Yym zV2F2V375k/tjaX6w2mqqXqbUeN2jqVF24o3Hd5UQx9a88imWkeK32p2BJwOvLmPtzcizavb65c2 hM2BLJUtPQKfqSszZ+xOjapi8BBmgsl5CX6Znv3/3PFbbqgDz8DyYfLGKbzr9F7C6EinMx12mBSN Ckwl+kU23uRhlEUwdomiLG7nC28o0smr7OwqFmRXgfneAn7YxJb6dqDWYDcZi8fFWF4Tw+10Nrvh HTL4p3xAi6U/3umA+YYFzrgn+O0TyDyPBt7xgmOBLhN/0ZK9jIU/lHKWC8yhz/6SNGkljv/ozmRP ufKMojFoxwo1Nl9mICMG5z59f/R2l0tjtBpUf7Z6TFr1WWdaMMX66UtmuCO1cEyq23MyXehXsOMF 1kzORGDNqbCmiocPo+coxi9UfT3hyi2keRqay9fU8vALIEbajJTh7SR0J83oTmBU0ZOk7SmhNSVt JWtLlDi2cbJXBQ3Eao3AOcXGgGhGeIl9+zgrsXWs38Cl4A8TTtYT7KijlXWtdavqlEys3I2o4glr URb2bvw5EtFV/jVvLkqx/qhOvH2LdgKTQj4dZPuq4/xVJDQFcCpeKMO8FDMn1UUbD6omvZ0kX1md GDNWKofdxV17n9gc75qWj1e74Jow5UztLhu8oTdfVXHHwPrb+7JL1z26teuyxYlsxzMZjQMN0xbX paZUL2zsuFH13LynHrxhTZ3J7nSGA96AVYN3+zv2H14cLq5bdePc+ffubM3t3HDo4dYDz6wvLpq9 oqJuWXMWG2bjj/22GOVKS/BLbc2zp/U1zYs3Da5fu2zr2v8PClJWwwplbmRzdHJlYW0KZW5kb2Jq CjIxIDAgb2JqCjE5MzMyCmVuZG9iagoyMiAwIG9iagooU0NJTS1UaWNrZXQtUGxhbi54bHN4KQpl bmRvYmoKMjMgMCBvYmoKKE1hYyBPUyBYIDEwLjguNSBRdWFydHogUERGQ29udGV4dCkKZW5kb2Jq CjI0IDAgb2JqCihQaGlsIEh1bnQpCmVuZG9iagoyNSAwIG9iagooKQplbmRvYmoKMjYgMCBvYmoK KEV4Y2VsKQplbmRvYmoKMjcgMCBvYmoKKEQ6MjAxNDAxMDkxODUzNTNaMDAnMDAnKQplbmRvYmoK MjggMCBvYmoKKCkKZW5kb2JqCjI5IDAgb2JqClsgKCkgXQplbmRvYmoKMSAwIG9iago8PCAvVGl0 bGUgMjIgMCBSIC9BdXRob3IgMjQgMCBSIC9TdWJqZWN0IDI1IDAgUiAvUHJvZHVjZXIgMjMgMCBS IC9DcmVhdG9yCjI2IDAgUiAvQ3JlYXRpb25EYXRlIDI3IDAgUiAvTW9kRGF0ZSAyNyAwIFIgL0tl eXdvcmRzIDI4IDAgUiAvQUFQTDpLZXl3b3JkcwoyOSAwIFIgPj4KZW5kb2JqCnhyZWYKMCAzMAow MDAwMDAwMDAwIDY1NTM1IGYgCjAwMDAwMzYwNjYgMDAwMDAgbiAKMDAwMDAwNzUyMSAwMDAwMCBu IAowMDAwMDE0ODEyIDAwMDAwIG4gCjAwMDAwMDAwMjIgMDAwMDAgbiAKMDAwMDAwNzUwMSAwMDAw MCBuIAowMDAwMDA3NjI1IDAwMDAwIG4gCjAwMDAwMTA0NjAgMDAwMDAgbiAKMDAwMDAwMDAwMCAw MDAwMCBuIAowMDAwMDE0OTUyIDAwMDAwIG4gCjAwMDAwMDc3MjQgMDAwMDAgbiAKMDAwMDAxMDQz OSAwMDAwMCBuIAowMDAwMDE0NjA1IDAwMDAwIG4gCjAwMDAwMTA0OTYgMDAwMDAgbiAKMDAwMDAx NDU4NCAwMDAwMCBuIAowMDAwMDE0NzEyIDAwMDAwIG4gCjAwMDAwMTQ5MDIgMDAwMDAgbiAKMDAw MDAxNjEzOSAwMDAwMCBuIAowMDAwMDE1MzgzIDAwMDAwIG4gCjAwMDAwMTYxMTkgMDAwMDAgbiAK MDAwMDAxNjM3NCAwMDAwMCBuIAowMDAwMDM1Nzk3IDAwMDAwIG4gCjAwMDAwMzU4MTkgMDAwMDAg biAKMDAwMDAzNTg1OSAwMDAwMCBuIAowMDAwMDM1OTExIDAwMDAwIG4gCjAwMDAwMzU5MzkgMDAw MDAgbiAKMDAwMDAzNTk1OCAwMDAwMCBuIAowMDAwMDM1OTgyIDAwMDAwIG4gCjAwMDAwMzYwMjQg MDAwMDAgbiAKMDAwMDAzNjA0MyAwMDAwMCBuIAp0cmFpbGVyCjw8IC9TaXplIDMwIC9Sb290IDE2 IDAgUiAvSW5mbyAxIDAgUiAvSUQgWyA8NTFkYjBiZGM2MmFmYTRlYTJjYzYzNjQzZTFiNGM5MGQ+ Cjw1MWRiMGJkYzYyYWZhNGVhMmNjNjM2NDNlMWI0YzkwZD4gXSA+PgpzdGFydHhyZWYKMzYyNDEK JSVFT0YK --Apple-Mail=_3D81961F-5B6F-436B-AFF1-AB82E8083C41 Content-Transfer-Encoding: 7bit Content-Type: text/html; charset=us-ascii
--Apple-Mail=_3D81961F-5B6F-436B-AFF1-AB82E8083C41-- --Apple-Mail=_3F9C935E-EDB3-4AD2-8E47-F5835655452A-- From d.moebius@tarent.de Fri Jan 10 03:05:56 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A3FC31ADFB5 for ; Fri, 10 Jan 2014 03:05:56 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.277 X-Spam-Level: X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XsXSK36ImDam for ; Fri, 10 Jan 2014 03:05:55 -0800 (PST) Received: from mail-pd0-f197.google.com (mail-pd0-f197.google.com [209.85.192.197]) by ietfa.amsl.com (Postfix) with ESMTP id 358811ADFB4 for ; Fri, 10 Jan 2014 03:05:54 -0800 (PST) Received: by mail-pd0-f197.google.com with SMTP id v10so10071721pde.4 for ; Fri, 10 Jan 2014 03:05:45 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:date:message-id:subject:from:to :content-type; bh=WZilkg4odd/C51jQG28Z09/tZYqVbAaX9WHIYTeLDag=; b=I+lhG441P9/Gakdvu4qp2zn5XINxDTU87EIdL5aZs/k8hJszcTwKvDJXQuAMlcidjD CDosu+KZXMofUn/4jfUZudqlGijFKeeMgqfa6d3KgTDebOZQtoX5WXVsPTB65OHpk8Ac wBKJ2L9UiLS+Qw2aYm4MHRc7jT7tBC8wymgDVGHyXTXki4wEQSlY0PO/9qWL8hHJL8tH U8Tm3kCGTrlVd1fDh+VwPbMlmS3XOTounnTr/Z6jmT4PCP9m51HOj0lXQH/CWxa+FvB/ 9Z5HN74MWKr9jPxpoNN/vPOu3ip92a3K/OFZrHMwmu9jCQadAQEtWlUQqKvi2ZMlEafd wfHw== X-Gm-Message-State: ALoCoQmUrhAC36M3NvONgx5oiH8/RB+ycmBuq14jDWI3/pDXFZ5rXnst4ewvKIKfNzdQBtYe1esK MIME-Version: 1.0 X-Received: by 10.68.233.166 with SMTP id tx6mr10372422pbc.165.1389351944907; Fri, 10 Jan 2014 03:05:44 -0800 (PST) Received: by 10.66.67.41 with HTTP; Fri, 10 Jan 2014 03:05:44 -0800 (PST) Date: Fri, 10 Jan 2014 12:05:44 +0100 Message-ID: From: David Moebius To: "scim@ietf.org" Content-Type: multipart/alternative; boundary=047d7b33d9bc250b9804ef9bb56c Subject: [scim] id's for Multi-Valued Attributes X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Jan 2014 11:05:56 -0000 --047d7b33d9bc250b9804ef9bb56c Content-Type: text/plain; charset=ISO-8859-1 Hi, this is a proposal to add id's to every single Multi-Valued Attribute. Why? For example I want to change my primary email address. Since it is a multi valued attribute I can't just change the value. Instead I need to delete my old primary address and add a new email address which is set to primary = true. We think it would be easier if I just could sent an email value and the id in which the value should be set. What do you think about this? by David --047d7b33d9bc250b9804ef9bb56c Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
Hi,

this is a proposal to add id's = to every single Multi-Valued Attribute.

Why?
=

For example I want to change my primary email address. = Since it is a multi valued attribute I can't just change the value. Ins= tead I need to delete my old primary address and add a new email address wh= ich is set to primary =3D true.

We think it would be easier if I just could sent an ema= il value and the id in which the value should be set.

<= div>What do you think about this?

by David
--047d7b33d9bc250b9804ef9bb56c-- From phil.hunt@oracle.com Fri Jan 10 08:44:29 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB8991ADF46 for ; Fri, 10 Jan 2014 08:44:29 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.738 X-Spam-Level: X-Spam-Status: No, score=-4.738 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.538, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pjrPh80odYt7 for ; Fri, 10 Jan 2014 08:44:26 -0800 (PST) Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) by ietfa.amsl.com (Postfix) with ESMTP id 20D751ACCE2 for ; Fri, 10 Jan 2014 08:44:26 -0800 (PST) Received: from acsinet22.oracle.com (acsinet22.oracle.com [141.146.126.238]) by aserp1040.oracle.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.1) with ESMTP id s0AGiFxP004844 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 10 Jan 2014 16:44:16 GMT Received: from aserz7022.oracle.com (aserz7022.oracle.com [141.146.126.231]) by acsinet22.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s0AGiDuP000954 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 10 Jan 2014 16:44:15 GMT Received: from abhmp0008.oracle.com (abhmp0008.oracle.com [141.146.116.14]) by aserz7022.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s0AGiD0n000948; Fri, 10 Jan 2014 16:44:13 GMT Received: from [192.168.1.124] (/174.7.250.104) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Fri, 10 Jan 2014 08:44:13 -0800 Content-Type: multipart/alternative; boundary="Apple-Mail=_1443D120-2BDB-4ECA-B04C-055F2B034377" Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\)) From: Phil Hunt In-Reply-To: Date: Fri, 10 Jan 2014 08:44:15 -0800 Message-Id: References: To: David Moebius X-Mailer: Apple Mail (2.1510) X-Source-IP: acsinet22.oracle.com [141.146.126.238] Cc: "scim@ietf.org" Subject: Re: [scim] id's for Multi-Valued Attributes X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Jan 2014 16:44:30 -0000 --Apple-Mail=_1443D120-2BDB-4ECA-B04C-055F2B034377 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=iso-8859-1 Did you consider "type"? Phil @independentid www.independentid.com phil.hunt@oracle.com On 2014-01-10, at 3:05 AM, David Moebius wrote: > Hi, >=20 > this is a proposal to add id's to every single Multi-Valued Attribute. >=20 > Why? >=20 > For example I want to change my primary email address. Since it is a = multi valued attribute I can't just change the value. Instead I need to = delete my old primary address and add a new email address which is set = to primary =3D true. >=20 > We think it would be easier if I just could sent an email value and = the id in which the value should be set. >=20 > What do you think about this? >=20 > by David > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim --Apple-Mail=_1443D120-2BDB-4ECA-B04C-055F2B034377 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=iso-8859-1 Did = you consider "type"?


On 2014-01-10, at 3:05 AM, David Moebius <d.moebius@tarent.de> = wrote:

Hi,

this is a proposal = to add id's to every single Multi-Valued = Attribute.

Why?

For = example I want to change my primary email address. Since it is a multi = valued attribute I can't just change the value. Instead I need to delete = my old primary address and add a new email address which is set to = primary =3D true.

We think it would be easier if I just could sent an = email value and the id in which the value should be = set.

What do you think about = this?

by David
_______________________________________________
scim mailing = list
scim@ietf.org
https://www.ietf.org/ma= ilman/listinfo/scim

= --Apple-Mail=_1443D120-2BDB-4ECA-B04C-055F2B034377-- From d.moebius@tarent.de Fri Jan 10 08:52:00 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D713E1AE0C3 for ; Fri, 10 Jan 2014 08:52:00 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.977 X-Spam-Level: X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WOhS8YrMMMPD for ; Fri, 10 Jan 2014 08:51:58 -0800 (PST) Received: from mail-pa0-f70.google.com (mail-pa0-f70.google.com [209.85.220.70]) by ietfa.amsl.com (Postfix) with ESMTP id 224461ADF70 for ; Fri, 10 Jan 2014 08:51:58 -0800 (PST) Received: by mail-pa0-f70.google.com with SMTP id fa1so11508138pad.1 for ; Fri, 10 Jan 2014 08:51:48 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=ID9/SZAkpAKJBTCBNEz9frRP3FE20uMVEwuc32t9jRc=; b=IPHL/JBBLIRnQS4ZDSWsBhiMNJ9/bxnUZDCDvzuB/OAgq2rtjUoSf5PXpAKWK9PBRH Y/zKREZAKYB6aGaClRQ2QokFkCLBH0qOoeVdU5KtvnoMqQQ9TctLa0Cw6tNZAnBH1hZA 7u653wTDQwRGwRP5BKXUvgaZ0P5enjVLP1wBQpyz6+8dcNUdHP3NcBv20KHcQ0KM8Okm g81o6NjsqbXOuofzMFZXqiHr+7CHiHqTuq13jZFoz1lITOtdQbDNbqAHVHTtA1CqEgH3 sWaFvkYFroP2KgtW9sO8TNSRLA9wO1L4Mdt+UbneegCq9iAI6i5Vo8PjNhUGeUihVVTL KLrw== X-Gm-Message-State: ALoCoQmsIUnyemJ0FRkwitNl1J722YGC6deL8xBLIHhvAXBZeoEBXouGZN3APos7rHwLYRwakXCg MIME-Version: 1.0 X-Received: by 10.68.0.35 with SMTP id 3mr12636606pbb.52.1389372708317; Fri, 10 Jan 2014 08:51:48 -0800 (PST) Received: by 10.66.67.41 with HTTP; Fri, 10 Jan 2014 08:51:48 -0800 (PST) In-Reply-To: References: Date: Fri, 10 Jan 2014 17:51:48 +0100 Message-ID: From: David Moebius To: Phil Hunt Content-Type: multipart/alternative; boundary=bcaec5215bcbbd855804efa08a50 Cc: "scim@ietf.org" Subject: Re: [scim] id's for Multi-Valued Attributes X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Jan 2014 16:52:01 -0000 --bcaec5215bcbbd855804efa08a50 Content-Type: text/plain; charset=ISO-8859-1 Hi, what do you mean with your question? I don't think the type gives us any trouble with this approach or do I don't see something? David 2014/1/10 Phil Hunt > Did you consider "type"? > > Phil > > @independentid > www.independentid.com > phil.hunt@oracle.com > > On 2014-01-10, at 3:05 AM, David Moebius wrote: > > Hi, > > this is a proposal to add id's to every single Multi-Valued Attribute. > > Why? > > For example I want to change my primary email address. Since it is a multi > valued attribute I can't just change the value. Instead I need to delete my > old primary address and add a new email address which is set to primary = > true. > > We think it would be easier if I just could sent an email value and the id > in which the value should be set. > > What do you think about this? > > by David > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim > > > --bcaec5215bcbbd855804efa08a50 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
Hi,

what do you mean with your qu= estion?
I don't think the type gives us any trouble with this appro= ach or do I don't see something?

David



2014/1/10 Phil Hunt <phil.hunt@oracle.com>
Did you consider "type"?
=

On 2014-01-10, at 3:05 AM, David Moebi= us <d.moebius@t= arent.de> wrote:

Hi,

this is a proposal to add id's = to every single Multi-Valued Attribute.

Why?
=

For example I want to change my primary email address. = Since it is a multi valued attribute I can't just change the value. Ins= tead I need to delete my old primary address and add a new email address wh= ich is set to primary =3D true.

We think it would be easier if I just could sent an ema= il value and the id in which the value should be set.

<= div>What do you think about this?

by David
_______________________________________________
scim mailing list
scim@ietf.org
https://= www.ietf.org/mailman/listinfo/scim


--bcaec5215bcbbd855804efa08a50-- From phil.hunt@oracle.com Fri Jan 10 09:03:18 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 35EDE1AE119 for ; Fri, 10 Jan 2014 09:03:18 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.738 X-Spam-Level: X-Spam-Status: No, score=-4.738 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.538, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iwIK0etblp91 for ; Fri, 10 Jan 2014 09:03:16 -0800 (PST) Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81]) by ietfa.amsl.com (Postfix) with ESMTP id 61B0E1AE10D for ; Fri, 10 Jan 2014 09:03:16 -0800 (PST) Received: from acsinet21.oracle.com (acsinet21.oracle.com [141.146.126.237]) by userp1040.oracle.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.1) with ESMTP id s0AH35gH024594 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 10 Jan 2014 17:03:06 GMT Received: from aserz7021.oracle.com (aserz7021.oracle.com [141.146.126.230]) by acsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s0AH34o7021607 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 10 Jan 2014 17:03:04 GMT Received: from abhmp0015.oracle.com (abhmp0015.oracle.com [141.146.116.21]) by aserz7021.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s0AH34mx021599; Fri, 10 Jan 2014 17:03:04 GMT Received: from [192.168.1.124] (/174.7.250.104) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Fri, 10 Jan 2014 09:03:04 -0800 Content-Type: multipart/alternative; boundary="Apple-Mail=_ABD28D6D-DDD3-4802-92E5-19833623E847" Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\)) From: Phil Hunt In-Reply-To: Date: Fri, 10 Jan 2014 09:03:07 -0800 Message-Id: <0617A1B3-CAA7-4536-AFAE-13A4E9712834@oracle.com> References: To: David Moebius X-Mailer: Apple Mail (2.1510) X-Source-IP: acsinet21.oracle.com [141.146.126.237] Cc: "scim@ietf.org" Subject: Re: [scim] id's for Multi-Valued Attributes X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Jan 2014 17:03:18 -0000 --Apple-Mail=_ABD28D6D-DDD3-4802-92E5-19833623E847 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=iso-8859-1 Why do you feel you need an identifier when you already have type? Phil @independentid www.independentid.com phil.hunt@oracle.com On 2014-01-10, at 8:51 AM, David Moebius wrote: > Hi, >=20 > what do you mean with your question? > I don't think the type gives us any trouble with this approach or do I = don't see something? >=20 > David >=20 >=20 >=20 > 2014/1/10 Phil Hunt > Did you consider "type"? >=20 > Phil >=20 > @independentid > www.independentid.com > phil.hunt@oracle.com >=20 > On 2014-01-10, at 3:05 AM, David Moebius wrote: >=20 >> Hi, >>=20 >> this is a proposal to add id's to every single Multi-Valued = Attribute. >>=20 >> Why? >>=20 >> For example I want to change my primary email address. Since it is a = multi valued attribute I can't just change the value. Instead I need to = delete my old primary address and add a new email address which is set = to primary =3D true. >>=20 >> We think it would be easier if I just could sent an email value and = the id in which the value should be set. >>=20 >> What do you think about this? >>=20 >> by David >> _______________________________________________ >> scim mailing list >> scim@ietf.org >> https://www.ietf.org/mailman/listinfo/scim >=20 >=20 > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim --Apple-Mail=_ABD28D6D-DDD3-4802-92E5-19833623E847 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=iso-8859-1 Why = do you feel you need an identifier when you already have = type?


On 2014-01-10, at 8:51 AM, David Moebius <d.moebius@tarent.de> = wrote:

Hi,

what do you = mean with your question?
I don't think the type gives us any trouble = with this approach or do I don't see = something?

David



2014/1/10 Phil Hunt <phil.hunt@oracle.com>
Did you consider = "type"?


On 2014-01-10, at 3:05 AM, David = Moebius <d.moebius@tarent.de> = wrote:

Hi,

this is a proposal to add id's = to every single Multi-Valued = Attribute.

Why?

For = example I want to change my primary email address. Since it is a multi = valued attribute I can't just change the value. Instead I need to delete = my old primary address and add a new email address which is set to = primary =3D true.

We think it would be easier if I just could sent an = email value and the id in which the value should be = set.

What do you think about = this?

by David
_______________________________________________
scim mailing = list
scim@ietf.org
https://www.ietf.org/mailman/listinfo/scim


_______________________________________________
scim mailing = list
scim@ietf.org
https://www.ietf.org/ma= ilman/listinfo/scim

= --Apple-Mail=_ABD28D6D-DDD3-4802-92E5-19833623E847-- From d.moebius@tarent.de Mon Jan 13 00:28:42 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B8D011AE060 for ; Mon, 13 Jan 2014 00:28:42 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.277 X-Spam-Level: X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b_1W4xf-vM_X for ; Mon, 13 Jan 2014 00:28:40 -0800 (PST) Received: from mail-pd0-f198.google.com (mail-pd0-f198.google.com [209.85.192.198]) by ietfa.amsl.com (Postfix) with ESMTP id 88FC81AE058 for ; Mon, 13 Jan 2014 00:28:39 -0800 (PST) Received: by mail-pd0-f198.google.com with SMTP id z10so4964664pdj.1 for ; Mon, 13 Jan 2014 00:28:29 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=snQdwrtjSShZ4iElwEUAR3OB9MG9+KUJ/v9VmwUw5as=; b=R0JK7NF+B2m0NTy28BPnoRs0yAMuMchFE5butvEdv+JNuupwFzXLcB/53/oYA8zoSP mwi6gmrnH69prYr2WLBa8aPJQkJmGgH4KU4uh/Fk8AeHgglSiMQpUWzr0dwanCoA/d3t AyaB6gOiGZtaWUPtSPZ5ZfoaGk8wwbD3mbCFfPDwn62OwgE8mEw6Eu+H1zAEwS6h5d4U TF6kdDZo0NlJOzqSEVM/oLduXfq9juUWiG+yVFgrHLR6hgmf9MSuCBGIpvMexjbl+5hr 59mRCPLh2Y38RMtJJIGKVPLw2EwXH2uhAyrWDPWPC2JCHaWtgcOSa3aM9wSMc1jF+X2L COjQ== X-Gm-Message-State: ALoCoQkr10E/0+2jqwN+OMqGaNkrXxbd3MJaJuzRF92eRaa5ou4ziChAZCwENZvqnwPjvhRiAZWm MIME-Version: 1.0 X-Received: by 10.66.175.4 with SMTP id bw4mr28603832pac.56.1389601709051; Mon, 13 Jan 2014 00:28:29 -0800 (PST) Received: by 10.66.67.41 with HTTP; Mon, 13 Jan 2014 00:28:28 -0800 (PST) In-Reply-To: <0617A1B3-CAA7-4536-AFAE-13A4E9712834@oracle.com> References: <0617A1B3-CAA7-4536-AFAE-13A4E9712834@oracle.com> Date: Mon, 13 Jan 2014 09:28:28 +0100 Message-ID: From: David Moebius To: Phil Hunt Content-Type: multipart/alternative; boundary=047d7bea385a3f65aa04efd5dc94 Cc: "scim@ietf.org" Subject: Re: [scim] id's for Multi-Valued Attributes X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Jan 2014 08:28:42 -0000 --047d7bea385a3f65aa04efd5dc94 Content-Type: text/plain; charset=ISO-8859-1 Hi, ok, that you mean. As we understand the type is not enough. >From our understanding of the scim spec it is (and should) possible to have several mail addresses of the same type. For example, in my company I also have at least 3 emailadresses of the type work As far as we understand it is not possible to have the same email address / type companation nut everthing else is possible. For example OK value: d.moebius@work.de type work value david.moebius@work.de type work NOT OK value: d.moebius@work.de type work primary true value: d.moebius@work.de type work primary false That's why the type is not enough and at the moment we need the value and the type (but not the primary status) to be able to identify a email or similary any other multi valued attribut. David 2014/1/10 Phil Hunt > Why do you feel you need an identifier when you already have type? > > Phil > > @independentid > www.independentid.com > phil.hunt@oracle.com > > On 2014-01-10, at 8:51 AM, David Moebius wrote: > > Hi, > > what do you mean with your question? > I don't think the type gives us any trouble with this approach or do I > don't see something? > > David > > > > 2014/1/10 Phil Hunt > >> Did you consider "type"? >> >> Phil >> >> @independentid >> www.independentid.com >> phil.hunt@oracle.com >> >> On 2014-01-10, at 3:05 AM, David Moebius wrote: >> >> Hi, >> >> this is a proposal to add id's to every single Multi-Valued Attribute. >> >> Why? >> >> For example I want to change my primary email address. Since it is a >> multi valued attribute I can't just change the value. Instead I need to >> delete my old primary address and add a new email address which is set to >> primary = true. >> >> We think it would be easier if I just could sent an email value and the >> id in which the value should be set. >> >> What do you think about this? >> >> by David >> _______________________________________________ >> scim mailing list >> scim@ietf.org >> https://www.ietf.org/mailman/listinfo/scim >> >> >> > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim > > > --047d7bea385a3f65aa04efd5dc94 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
Hi,

ok, that you mean. As we understand the type is= not enough.=A0
From our understanding of the scim spec it is (and shoul= d) possible to have several mail addresses of the same type.

For exa= mple, in my company I also have at least 3 emailadresses of the type work
As far as we understand it is not possible to have the same email addre= ss / type companation nut everthing else is possible.

For example
OK
value: d.moebius@work.de type work
value david.moebius@work.de ty= pe work

NOT OK
value: d.moeb= ius@work.de type work primary true
value: d.moebius@work.de type work primary false

That's why the type is not enough and at the moment we need the val= ue and the type (but not the primary status) to be able to identify a email= or similary any other multi valued attribut.

David


2014/1/10 Phil Hunt &l= t;phil.hunt@oracl= e.com>
Why do you feel you need an identifier = when you already have type?


On 2014-01-10, at 8:51 AM, David Moebius <d.moebius@tarent.de> wrote:=

Hi,
what do you mean with your question?
I don't think the type gives u= s any trouble with this approach or do I don't see something?

David



2014/1/10 Phil Hunt <phil.hunt@oracle.com>
Did you consider "type"?
=

On 2014-01-10, at 3:05 AM, David Moebius <d.moebius@tarent.de&= gt; wrote:

Hi,

this is a proposal to add id's = to every single Multi-Valued Attribute.

Why?
=

For example I want to change my primary email address. = Since it is a multi valued attribute I can't just change the value. Ins= tead I need to delete my old primary address and add a new email address wh= ich is set to primary =3D true.

We think it would be easier if I just could sent an ema= il value and the id in which the value should be set.

<= div>What do you think about this?

by David
_______________________________________________
scim mailing list
scim@ietf.org
https://= www.ietf.org/mailman/listinfo/scim


_______________________________________________
scim mailing list
scim@ietf.org
https://= www.ietf.org/mailman/listinfo/scim


--047d7bea385a3f65aa04efd5dc94-- From kelly.grizzle@sailpoint.com Mon Jan 13 07:14:19 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 36CB21AE1B2 for ; Mon, 13 Jan 2014 07:14:19 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.901 X-Spam-Level: X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0ju7Je7Jx3EV for ; Mon, 13 Jan 2014 07:14:14 -0800 (PST) Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1blp0184.outbound.protection.outlook.com [207.46.163.184]) by ietfa.amsl.com (Postfix) with ESMTP id D33561AE18C for ; Mon, 13 Jan 2014 07:14:13 -0800 (PST) Received: from BN1PR04MB392.namprd04.prod.outlook.com (10.141.60.151) by BN1PR04MB389.namprd04.prod.outlook.com (10.141.60.140) with Microsoft SMTP Server (TLS) id 15.0.842.7; Mon, 13 Jan 2014 15:14:01 +0000 Received: from BN1PR04MB392.namprd04.prod.outlook.com ([169.254.10.206]) by BN1PR04MB392.namprd04.prod.outlook.com ([169.254.10.206]) with mapi id 15.00.0842.003; Mon, 13 Jan 2014 15:14:01 +0000 From: Kelly Grizzle To: David Moebius , Phil Hunt Thread-Topic: [scim] id's for Multi-Valued Attributes Thread-Index: AQHPDfPtiPaeV1P0pUKJz+d96Rh/ypp+Kn2AgAACHACAAAMpgIAEJzQAgABvOCA= Date: Mon, 13 Jan 2014 15:14:01 +0000 Message-ID: References: <0617A1B3-CAA7-4536-AFAE-13A4E9712834@oracle.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-vipre-scanned: 22FEE74A00632E22FEE897 x-originating-ip: [72.182.10.254] x-forefront-prvs: 00909363D5 x-forefront-antispam-report: SFV:NSPM; SFS:(10009001)(377424004)(377454003)(479174003)(24454002)(199002)(189002)(76104003)(74316001)(49866001)(76576001)(56776001)(74366001)(74876001)(76786001)(65816001)(16236675002)(81816001)(76482001)(31966008)(76796001)(16601075003)(54316002)(47976001)(66066001)(63696002)(79102001)(74502001)(80022001)(92566001)(93136001)(74706001)(19609705001)(80976001)(74662001)(85852003)(69226001)(51856001)(47446002)(83072002)(19300405004)(54356001)(50986001)(53806001)(85306002)(87936001)(81342001)(561944002)(15202345003)(46102001)(19580405001)(47736001)(81686001)(33646001)(2656002)(81542001)(87266001)(59766001)(77982001)(83322001)(77096001)(90146001)(4396001)(15975445006)(19580395003)(56816005)(24736002); DIR:OUT; SFP:1101; SCL:1; SRVR:BN1PR04MB389; H:BN1PR04MB392.namprd04.prod.outlook.com; CLIP:72.182.10.254; FPR:; RD:InfoNoRecords; A:1; MX:1; LANG:en; Content-Type: multipart/alternative; boundary="_000_c46db67db4e64bf689bae95b49c19affBN1PR04MB392namprd04pro_" MIME-Version: 1.0 X-OriginatorOrg: sailpoint.com Cc: "scim@ietf.org" Subject: Re: [scim] id's for Multi-Valued Attributes X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Jan 2014 15:14:19 -0000 --_000_c46db67db4e64bf689bae95b49c19affBN1PR04MB392namprd04pro_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi David ... I definitely see how the unique IDs help. In fact, this discu= ssion arose at least once or twice before when trying to figure out how to = best reference elements within a multi-valued attribute (specifically in th= e PATCH operation). The problem with unique IDs is that SCIM was designed to fit on top of exis= ting data stores (eg - a directory server, a relational database, a NoSQL d= atabase, etc...). The reasoning here is that almost all existing SCIM serv= ice providers already have data models in place, but may or may not have an= API to manage identities. Unfortunately, many backing data stores do not = have IDs for multi-valued list elements, and so we didn't want to make this= a requirement in the API. Another option would be using an index in the l= ist to modify/remove values. Likewise, this has issues that not all data s= tores support ordered values, and it is quite prone to concurrency problems= . The PATCH API dictates that unique values must be used and that if the "val= ue" sub-attribute is not unique for a multi-valued attribute that the full = value of the complex attribute should be used. Definitely not ideal, but i= t prevents putting too many requirements on the backing data store. --Kelly From: scim [mailto:scim-bounces@ietf.org] On Behalf Of David Moebius Sent: Monday, January 13, 2014 2:28 AM To: Phil Hunt Cc: scim@ietf.org Subject: Re: [scim] id's for Multi-Valued Attributes Hi, ok, that you mean. As we understand the type is not enough. >From our understanding of the scim spec it is (and should) possible to have= several mail addresses of the same type. For example, in my company I also have at least 3 emailadresses of the type= work As far as we understand it is not possible to have the same email address /= type companation nut everthing else is possible. For example OK value: d.moebius@work.de type work value david.moebius@work.de type work NOT OK value: d.moebius@work.de type work primary true value: d.moebius@work.de type work primary false That's why the type is not enough and at the moment we need the value and t= he type (but not the primary status) to be able to identify a email or simi= lary any other multi valued attribut. David 2014/1/10 Phil Hunt > Why do you feel you need an identifier when you already have type? Phil @independentid www.independentid.com phil.hunt@oracle.com On 2014-01-10, at 8:51 AM, David Moebius > wrote: Hi, what do you mean with your question? I don't think the type gives us any trouble with this approach or do I don'= t see something? David 2014/1/10 Phil Hunt > Did you consider "type"? Phil @independentid www.independentid.com phil.hunt@oracle.com On 2014-01-10, at 3:05 AM, David Moebius > wrote: Hi, this is a proposal to add id's to every single Multi-Valued Attribute. Why? For example I want to change my primary email address. Since it is a multi = valued attribute I can't just change the value. Instead I need to delete my= old primary address and add a new email address which is set to primary = =3D true. We think it would be easier if I just could sent an email value and the id = in which the value should be set. What do you think about this? by David _______________________________________________ scim mailing list scim@ietf.org https://www.ietf.org/mailman/listinfo/scim _______________________________________________ scim mailing list scim@ietf.org https://www.ietf.org/mailman/listinfo/scim --_000_c46db67db4e64bf689bae95b49c19affBN1PR04MB392namprd04pro_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hi David … I defini= tely see how the unique IDs help.  In fact, this discussion arose at l= east once or twice before when trying to figure out how to best reference elements within a multi-valued attribute (specifically in the PATCH operat= ion).

 <= /p>

The problem with unique I= Ds is that SCIM was designed to fit on top of existing data stores (eg R= 11; a directory server, a relational database, a NoSQL database, etc…).  The reasoning here is that almost all existing SCIM ser= vice providers already have data models in place, but may or may not have a= n API to manage identities.  Unfortunately, many backing data stores d= o not have IDs for multi-valued list elements, and so we didn’t want to make this a requirement in the API.  Anoth= er option would be using an index in the list to modify/remove values. = ; Likewise, this has issues that not all data stores support ordered values= , and it is quite prone to concurrency problems.

 <= /p>

The PATCH API dictates th= at unique values must be used and that if the “value” sub-attri= bute is not unique for a multi-valued attribute that the full value of the complex attribute should be used.  Definitely not ideal, but i= t prevents putting too many requirements on the backing data store.

 <= /p>

--Kelly=

 <= /p>

From: scim [ma= ilto:scim-bounces@ietf.org] On Behalf Of David Moebius
Sent: Monday, January 13, 2014 2:28 AM
To: Phil Hunt
Cc: scim@ietf.org
Subject: Re: [scim] id's for Multi-Valued Attributes

 

Hi,

ok, that you mean. As we understand the type is not enough. 
>From our understanding of the scim spec it is (and should) possible to have= several mail addresses of the same type.

For example, in my company I also have at least 3 emailadresses of the type= work

As far as we understand it is not possible to have the same email address /= type companation nut everthing else is possible.

For example

OK
value: d.moebius@work.de type work=
value david.moebius@work.de ty= pe work

NOT OK
value: d.moebius@work.de type work= primary true
value: d.moebius@work.de type work= primary false

That's why the type is not enough and at the moment we need the value and t= he type (but not the primary status) to be able to identify a email or simi= lary any other multi valued attribut.

David

 

2014/1/10 Phil Hunt <phil.hunt@oracle.com>

Why do you feel you need an identifier when you alre= ady have type?

 

 

On 2014-01-10, at 8:51 AM, David Moebius <d.moebius@tarent.de&g= t; wrote:



Hi,

 

what do you mean with your question?

I don't think the type gives us any trouble with thi= s approach or do I don't see something?

 

David

 

 

2014/1/10 Phil Hunt <phil.hunt@oracle.com>

Did you consider "type"?

 

 

On 2014-01-10, at 3:05 AM, David Moebius <d.moebius@tarent.de&g= t; wrote:

 

Hi,

 

this is a proposal to add id's to every single Multi= -Valued Attribute.

 

Why?

 

For example I want to change my primary email addres= s. Since it is a multi valued attribute I can't just change the value. Inst= ead I need to delete my old primary address and add a new email address whi= ch is set to primary =3D true.

 

We think it would be easier if I just could sent an = email value and the id in which the value should be set.

 

What do you think about this?

 

by David

_______________________________________________
scim mailing list
scim@ietf.org
ht= tps://www.ietf.org/mailman/listinfo/scim

 

 

_______________________________________________
scim mailing list
scim@ietf.org
ht= tps://www.ietf.org/mailman/listinfo/scim

 

 

--_000_c46db67db4e64bf689bae95b49c19affBN1PR04MB392namprd04pro_-- From d.moebius@tarent.de Mon Jan 13 09:05:57 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 99C1B1ADFA3 for ; Mon, 13 Jan 2014 09:05:57 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.977 X-Spam-Level: X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wdskEBULw-JZ for ; Mon, 13 Jan 2014 09:05:54 -0800 (PST) Received: from mail-pb0-f71.google.com (mail-pb0-f71.google.com [209.85.160.71]) by ietfa.amsl.com (Postfix) with ESMTP id 9322D1AE165 for ; Mon, 13 Jan 2014 09:05:54 -0800 (PST) Received: by mail-pb0-f71.google.com with SMTP id uo5so18397214pbc.10 for ; Mon, 13 Jan 2014 09:05:43 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=Qff+hG4glMOvcMAM3nD/gkJD3YKGlrYK/TjvS1YBXI0=; b=PKlLRcTJYvkuqF9YJNelWghNAcl81qyp8fGl7S1XKH5uyY42Qkkawj4jcNZqB9WPt9 puJ7//ndDiyYae6BN6FWvau7+j1PyEe1elhw9ZMOBQKvN4nE36n1gZW6pnhGHCbQIBeV NkRkp53D1BkfbhsIfRQLaPMLR70rf3I9u5ei3N0ufo3TJwphRWvQEomtCc4FH5JF8e9W Bcxy4Ps80860t5MU3/UbamafRQ9ki7RhuxQIlu6NCVgYH85XuOCdcoBobJU0pjQmhBHg 0zQd5aTDCC4MEClPTSfGm67qYA0mzi1HNMV0RZ2GaGd5kbVC8L+JOnAjnE0cj4KRr+LS Wjaw== X-Gm-Message-State: ALoCoQmN3Iwxcv4iYES18sHRpfppsf5Grzc32Ecd7cUYG7/54qvY2MnU1vMQzM2jKK6PS0FCcRyu MIME-Version: 1.0 X-Received: by 10.66.175.4 with SMTP id bw4mr31386850pac.56.1389632743223; Mon, 13 Jan 2014 09:05:43 -0800 (PST) Received: by 10.66.67.41 with HTTP; Mon, 13 Jan 2014 09:05:43 -0800 (PST) In-Reply-To: References: <0617A1B3-CAA7-4536-AFAE-13A4E9712834@oracle.com> Date: Mon, 13 Jan 2014 18:05:43 +0100 Message-ID: From: David Moebius To: Kelly Grizzle Content-Type: multipart/alternative; boundary=047d7bea385a07490304efdd16cc Cc: "scim@ietf.org" , Phil Hunt Subject: Re: [scim] id's for Multi-Valued Attributes X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Jan 2014 17:05:57 -0000 --047d7bea385a07490304efdd16cc Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable Hi Kelly, thanks for your answer. Your answer describes very well why id's for the multi valued attributes should not be considered. Since this is not a very big problem we are ok with this. by David 2014/1/13 Kelly Grizzle > Hi David =85 I definitely see how the unique IDs help. In fact, this > discussion arose at least once or twice before when trying to figure out > how to best reference elements within a multi-valued attribute > (specifically in the PATCH operation). > > > > The problem with unique IDs is that SCIM was designed to fit on top of > existing data stores (eg =96 a directory server, a relational database, a > NoSQL database, etc=85). The reasoning here is that almost all existing = SCIM > service providers already have data models in place, but may or may not > have an API to manage identities. Unfortunately, many backing data store= s > do not have IDs for multi-valued list elements, and so we didn=92t want t= o > make this a requirement in the API. Another option would be using an ind= ex > in the list to modify/remove values. Likewise, this has issues that not > all data stores support ordered values, and it is quite prone to > concurrency problems. > > > > The PATCH API dictates that unique values must be used and that if the > =93value=94 sub-attribute is not unique for a multi-valued attribute that= the > full value of the complex attribute should be used. Definitely not ideal= , > but it prevents putting too many requirements on the backing data store. > > > > --Kelly > > > > *From:* scim [mailto:scim-bounces@ietf.org] *On Behalf Of *David Moebius > *Sent:* Monday, January 13, 2014 2:28 AM > *To:* Phil Hunt > *Cc:* scim@ietf.org > *Subject:* Re: [scim] id's for Multi-Valued Attributes > > > > Hi, > > ok, that you mean. As we understand the type is not enough. > >From our understanding of the scim spec it is (and should) possible to > have several mail addresses of the same type. > > For example, in my company I also have at least 3 emailadresses of the > type work > > As far as we understand it is not possible to have the same email address > / type companation nut everthing else is possible. > > For example > > OK > value: d.moebius@work.de type work > value david.moebius@work.de type work > > NOT OK > value: d.moebius@work.de type work primary true > value: d.moebius@work.de type work primary false > > That's why the type is not enough and at the moment we need the value and > the type (but not the primary status) to be able to identify a email or > similary any other multi valued attribut. > > David > > > > 2014/1/10 Phil Hunt > > Why do you feel you need an identifier when you already have type? > > > > Phil > > > > @independentid > > www.independentid.com > > phil.hunt@oracle.com > > > > On 2014-01-10, at 8:51 AM, David Moebius wrote: > > > > Hi, > > > > what do you mean with your question? > > I don't think the type gives us any trouble with this approach or do I > don't see something? > > > > David > > > > > > 2014/1/10 Phil Hunt > > Did you consider "type"? > > > > Phil > > > > @independentid > > www.independentid.com > > phil.hunt@oracle.com > > > > On 2014-01-10, at 3:05 AM, David Moebius wrote: > > > > Hi, > > > > this is a proposal to add id's to every single Multi-Valued Attribute. > > > > Why? > > > > For example I want to change my primary email address. Since it is a mult= i > valued attribute I can't just change the value. Instead I need to delete = my > old primary address and add a new email address which is set to primary = =3D > true. > > > > We think it would be easier if I just could sent an email value and the i= d > in which the value should be set. > > > > What do you think about this? > > > > by David > > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim > > > > > > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim > > > > > > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim > > --047d7bea385a07490304efdd16cc Content-Type: text/html; charset=windows-1252 Content-Transfer-Encoding: quoted-printable
Hi Kelly,

thanks for your answer. Your answer descr= ibes very well why id's for the multi valued attributes should not be c= onsidered.
Since this is not a very big problem we are ok with this.

by David


2014/1/13 Kelly Grizzle <kelly.grizzle@sailpoint.com>

Hi David =85 I definitely= see how the unique IDs help.=A0 In fact, this discussion arose at least on= ce or twice before when trying to figure out how to best reference elements within a multi-valued attribute (specifically in the PATCH operat= ion).

=A0<= /p>

The problem with unique I= Ds is that SCIM was designed to fit on top of existing data stores (eg =96 = a directory server, a relational database, a NoSQL database, etc=85).=A0 The reasoning here is that almost all existing SCIM service pr= oviders already have data models in place, but may or may not have an API t= o manage identities.=A0 Unfortunately, many backing data stores do not have= IDs for multi-valued list elements, and so we didn=92t want to make this a requirement in the API.=A0 Another opti= on would be using an index in the list to modify/remove values.=A0 Likewise= , this has issues that not all data stores support ordered values, and it i= s quite prone to concurrency problems.

=A0<= /p>

The PATCH API dictates th= at unique values must be used and that if the =93value=94 sub-attribute is = not unique for a multi-valued attribute that the full value of the complex attribute should be used.=A0 Definitely not ideal, but it p= revents putting too many requirements on the backing data store.<= /u>

=A0<= /p>

--Kelly

=A0<= /p>

From: scim [ma= ilto:scim-bounce= s@ietf.org] On Behalf Of David Moebius
Sent: Monday, January 13, 2014 2:28 AM
To: Phil Hunt
Cc: scim@ietf.org=
Subject: Re: [scim] id's for Multi-Valued Attributes

=A0

Hi,

ok, that you mean. As we understand the type is not enough.=A0
>From our understanding of the scim spec it is (and should) possible to = have several mail addresses of the same type.

For example, in my company I also have at least 3 emailadresses of the type= work

As far as we understand it is not possible to have the same email address /= type companation nut everthing else is possible.

For example

OK
value: d.moebius@wor= k.de type work
value david.moeb= ius@work.de type work

NOT OK
value: d.moebius@wor= k.de type work primary true
value: d.moebius@wor= k.de type work primary false

That's why the type is not enough and at the moment we need the value a= nd the type (but not the primary status) to be able to identify a email or = similary any other multi valued attribut.

David

=A0

2014/1/10 Phil Hunt <phil.hunt@oracle.com>

Why do you feel you need an identifier when you alre= ady have type?

=A0

=A0

On 2014-01-10, at 8:51 AM, David Moebius <d.moebius@tarent.de&g= t; wrote:



Hi,

=A0

what do you mean with your question?

I don't think the type gives us any trouble with= this approach or do I don't see something?

=A0

David

=A0

=A0

2014/1/10 Phil Hunt <phil.hunt@oracle.com>

Did you consider "type"?

=A0

=A0

On 2014-01-10, at 3:05 AM, David Moebius <d.moebius@tarent.de&g= t; wrote:

=A0

Hi,

=A0

this is a proposal to add id's to every single M= ulti-Valued Attribute.

=A0

Why?

=A0

For example I want to change my primary email addres= s. Since it is a multi valued attribute I can't just change the value. = Instead I need to delete my old primary address and add a new email address= which is set to primary =3D true.

=A0

We think it would be easier if I just could sent an = email value and the id in which the value should be set.

=A0

What do you think about this?

=A0

by David

_______________________________________________
scim mailing list
scim@ietf.org
ht= tps://www.ietf.org/mailman/listinfo/scim

=A0

=A0

_______________________________________________
scim mailing list
scim@ietf.org
ht= tps://www.ietf.org/mailman/listinfo/scim

=A0

=A0


_______________________________________________
scim mailing list
scim@ietf.org
ht= tps://www.ietf.org/mailman/listinfo/scim


--047d7bea385a07490304efdd16cc-- From kelly.grizzle@sailpoint.com Mon Jan 13 15:26:36 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C80E61AE1D8 for ; Mon, 13 Jan 2014 15:26:36 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=unavailable Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fPbg3TYY8kpg for ; Mon, 13 Jan 2014 15:26:33 -0800 (PST) Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1blp0184.outbound.protection.outlook.com [207.46.163.184]) by ietfa.amsl.com (Postfix) with ESMTP id 3B3EB1AE1EF for ; Mon, 13 Jan 2014 15:26:33 -0800 (PST) Received: from DM2PR04MB399.namprd04.prod.outlook.com ((10.141.102.15)) by DM2PR04MB399.namprd04.prod.outlook.com ((10.141.102.15)) with ShadowRedundancy id 15.0.851.11; Mon, 13 Jan 2014 23:26:14 +0000 Received: from BN1PR04MB389.namprd04.prod.outlook.com (10.141.60.140) by DM2PR04MB399.namprd04.prod.outlook.com (10.141.102.15) with Microsoft SMTP Server (TLS) id 15.0.851.11; Mon, 13 Jan 2014 15:14:02 +0000 Received: from BN1PR04MB392.namprd04.prod.outlook.com ([169.254.10.206]) by BN1PR04MB392.namprd04.prod.outlook.com ([169.254.10.206]) with mapi id 15.00.0842.003; Mon, 13 Jan 2014 15:14:01 +0000 From: Kelly Grizzle To: David Moebius , Phil Hunt Thread-Topic: [scim] id's for Multi-Valued Attributes Thread-Index: AQHPDfPtiPaeV1P0pUKJz+d96Rh/ypp+Kn2AgAACHACAAAMpgIAEJzQAgABvOCA= Date: Mon, 13 Jan 2014 15:14:01 +0000 Message-ID: References: <0617A1B3-CAA7-4536-AFAE-13A4E9712834@oracle.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-vipre-scanned: 22FEE74A00632E22FEE897 x-originating-ip: [72.182.10.254] x-forefront-prvs: 00909363D5 x-forefront-antispam-report: SFV:NSPM; SFS:(10009001)(377424004)(377454003)(479174003)(199002)(189002)(76104003)(24454002)(46102001)(561944002)(77096001)(74706001)(49866001)(74316001)(19580395003)(33646001)(74366001)(56816005)(85306002)(90146001)(51856001)(80976001)(4396001)(87266001)(50986001)(19300405004)(47976001)(54316002)(56776001)(59766001)(76482001)(77982001)(83322001)(19580405001)(87936001)(47736001)(80022001)(65816001)(66066001)(81542001)(92566001)(15202345003)(16601075003)(93136001)(63696002)(79102001)(19609705001)(83072002)(76576001)(81686001)(85852003)(54356001)(53806001)(15975445006)(81342001)(2656002)(69226001)(74502001)(31966008)(47446002)(81816001)(74876001)(16236675002)(76786001)(74662001)(76796001)(24736002); DIR:OUT; SFP:1101; SCL:1; SRVR:DM2PR04MB399; H:BN1PR04MB389.namprd04.prod.outlook.com; CLIP:72.182.10.254; FPR:; RD:InfoNoRecords; A:1; MX:1; LANG:en; Content-Type: multipart/alternative; boundary="_000_c46db67db4e64bf689bae95b49c19affBN1PR04MB392namprd04pro_" MIME-Version: 1.0 X-OriginatorOrg: sailpoint.com Cc: "scim@ietf.org" Subject: Re: [scim] id's for Multi-Valued Attributes X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Jan 2014 23:26:37 -0000 --_000_c46db67db4e64bf689bae95b49c19affBN1PR04MB392namprd04pro_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi David ... I definitely see how the unique IDs help. In fact, this discu= ssion arose at least once or twice before when trying to figure out how to = best reference elements within a multi-valued attribute (specifically in th= e PATCH operation). The problem with unique IDs is that SCIM was designed to fit on top of exis= ting data stores (eg - a directory server, a relational database, a NoSQL d= atabase, etc...). The reasoning here is that almost all existing SCIM serv= ice providers already have data models in place, but may or may not have an= API to manage identities. Unfortunately, many backing data stores do not = have IDs for multi-valued list elements, and so we didn't want to make this= a requirement in the API. Another option would be using an index in the l= ist to modify/remove values. Likewise, this has issues that not all data s= tores support ordered values, and it is quite prone to concurrency problems= . The PATCH API dictates that unique values must be used and that if the "val= ue" sub-attribute is not unique for a multi-valued attribute that the full = value of the complex attribute should be used. Definitely not ideal, but i= t prevents putting too many requirements on the backing data store. --Kelly From: scim [mailto:scim-bounces@ietf.org] On Behalf Of David Moebius Sent: Monday, January 13, 2014 2:28 AM To: Phil Hunt Cc: scim@ietf.org Subject: Re: [scim] id's for Multi-Valued Attributes Hi, ok, that you mean. As we understand the type is not enough. >From our understanding of the scim spec it is (and should) possible to have= several mail addresses of the same type. For example, in my company I also have at least 3 emailadresses of the type= work As far as we understand it is not possible to have the same email address /= type companation nut everthing else is possible. For example OK value: d.moebius@work.de type work value david.moebius@work.de type work NOT OK value: d.moebius@work.de type work primary true value: d.moebius@work.de type work primary false That's why the type is not enough and at the moment we need the value and t= he type (but not the primary status) to be able to identify a email or simi= lary any other multi valued attribut. David 2014/1/10 Phil Hunt > Why do you feel you need an identifier when you already have type? Phil @independentid www.independentid.com phil.hunt@oracle.com On 2014-01-10, at 8:51 AM, David Moebius > wrote: Hi, what do you mean with your question? I don't think the type gives us any trouble with this approach or do I don'= t see something? David 2014/1/10 Phil Hunt > Did you consider "type"? Phil @independentid www.independentid.com phil.hunt@oracle.com On 2014-01-10, at 3:05 AM, David Moebius > wrote: Hi, this is a proposal to add id's to every single Multi-Valued Attribute. Why? For example I want to change my primary email address. Since it is a multi = valued attribute I can't just change the value. Instead I need to delete my= old primary address and add a new email address which is set to primary = =3D true. We think it would be easier if I just could sent an email value and the id = in which the value should be set. What do you think about this? by David _______________________________________________ scim mailing list scim@ietf.org https://www.ietf.org/mailman/listinfo/scim _______________________________________________ scim mailing list scim@ietf.org https://www.ietf.org/mailman/listinfo/scim --_000_c46db67db4e64bf689bae95b49c19affBN1PR04MB392namprd04pro_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hi David … I defini= tely see how the unique IDs help.  In fact, this discussion arose at l= east once or twice before when trying to figure out how to best reference elements within a multi-valued attribute (specifically in the PATCH operat= ion).

 <= /p>

The problem with unique I= Ds is that SCIM was designed to fit on top of existing data stores (eg R= 11; a directory server, a relational database, a NoSQL database, etc…).  The reasoning here is that almost all existing SCIM ser= vice providers already have data models in place, but may or may not have a= n API to manage identities.  Unfortunately, many backing data stores d= o not have IDs for multi-valued list elements, and so we didn’t want to make this a requirement in the API.  Anoth= er option would be using an index in the list to modify/remove values. = ; Likewise, this has issues that not all data stores support ordered values= , and it is quite prone to concurrency problems.

 <= /p>

The PATCH API dictates th= at unique values must be used and that if the “value” sub-attri= bute is not unique for a multi-valued attribute that the full value of the complex attribute should be used.  Definitely not ideal, but i= t prevents putting too many requirements on the backing data store.

 <= /p>

--Kelly=

 <= /p>

From: scim [ma= ilto:scim-bounces@ietf.org] On Behalf Of David Moebius
Sent: Monday, January 13, 2014 2:28 AM
To: Phil Hunt
Cc: scim@ietf.org
Subject: Re: [scim] id's for Multi-Valued Attributes

 

Hi,

ok, that you mean. As we understand the type is not enough. 
>From our understanding of the scim spec it is (and should) possible to have= several mail addresses of the same type.

For example, in my company I also have at least 3 emailadresses of the type= work

As far as we understand it is not possible to have the same email address /= type companation nut everthing else is possible.

For example

OK
value: d.moebius@work.de type work=
value david.moebius@work.de ty= pe work

NOT OK
value: d.moebius@work.de type work= primary true
value: d.moebius@work.de type work= primary false

That's why the type is not enough and at the moment we need the value and t= he type (but not the primary status) to be able to identify a email or simi= lary any other multi valued attribut.

David

 

2014/1/10 Phil Hunt <phil.hunt@oracle.com>

Why do you feel you need an identifier when you alre= ady have type?

 

 

On 2014-01-10, at 8:51 AM, David Moebius <d.moebius@tarent.de&g= t; wrote:



Hi,

 

what do you mean with your question?

I don't think the type gives us any trouble with thi= s approach or do I don't see something?

 

David

 

 

2014/1/10 Phil Hunt <phil.hunt@oracle.com>

Did you consider "type"?

 

 

On 2014-01-10, at 3:05 AM, David Moebius <d.moebius@tarent.de&g= t; wrote:

 

Hi,

 

this is a proposal to add id's to every single Multi= -Valued Attribute.

 

Why?

 

For example I want to change my primary email addres= s. Since it is a multi valued attribute I can't just change the value. Inst= ead I need to delete my old primary address and add a new email address whi= ch is set to primary =3D true.

 

We think it would be easier if I just could sent an = email value and the id in which the value should be set.

 

What do you think about this?

 

by David

_______________________________________________
scim mailing list
scim@ietf.org
ht= tps://www.ietf.org/mailman/listinfo/scim

 

 

_______________________________________________
scim mailing list
scim@ietf.org
ht= tps://www.ietf.org/mailman/listinfo/scim

 

 

--_000_c46db67db4e64bf689bae95b49c19affBN1PR04MB392namprd04pro_-- From moransar@cisco.com Wed Jan 15 09:25:30 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2738E1AE116 for ; Wed, 15 Jan 2014 09:25:30 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -15.039 X-Spam-Level: X-Spam-Status: No, score=-15.039 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.538, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JXpflJkxp8eo for ; Wed, 15 Jan 2014 09:25:29 -0800 (PST) Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) by ietfa.amsl.com (Postfix) with ESMTP id 15F401AE0E7 for ; Wed, 15 Jan 2014 09:25:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=104; q=dns/txt; s=iport; t=1389806717; x=1391016317; h=from:to:subject:date:message-id:content-id: content-transfer-encoding:mime-version; bh=0I5JJoJLpIEuM/9NXkf7cAU4ma64VTRtOW5K9NI5dVE=; b=dWbc3gyDp1A9QK9mshbW7cfFlp6DrzlmuOrVrc3W0hdS6J4PdmGwkwv/ FFqI1hIeiZOjFXQXVLwSsCcYFiO2v1RSEMSmDsvwfSm/lBZHGiDQTaD14 sjQXPv3VWlgkaDKzyAa33Aw5q+ksRliWcFkQMzei4bEkAnBRRfIhZCan0 o=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AgEFAInD1lKtJV2Z/2dsb2JhbABZgwu9JRZ0giw6UQE+QiYBBIgXmQCqexeSKoETBJggkhWDLQ X-IronPort-AV: E=Sophos;i="4.95,664,1384300800"; d="scan'208";a="297543295" Received: from rcdn-core-2.cisco.com ([173.37.93.153]) by rcdn-iport-6.cisco.com with ESMTP; 15 Jan 2014 17:25:17 +0000 Received: from xhc-rcd-x06.cisco.com (xhc-rcd-x06.cisco.com [173.37.183.80]) by rcdn-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id s0FHPH8a014715 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL) for ; Wed, 15 Jan 2014 17:25:17 GMT Received: from xmb-rcd-x08.cisco.com ([169.254.8.83]) by xhc-rcd-x06.cisco.com ([173.37.183.80]) with mapi id 14.03.0123.003; Wed, 15 Jan 2014 11:25:17 -0600 From: "Morteza Ansari (moransar)" To: "scim@ietf.org" Thread-Topic: Reminder - SCIM WG call today @11A Thread-Index: Ac8SFsFRz1ynrcfhRPukCu8DxuIkbw== Date: Wed, 15 Jan 2014 17:25:15 +0000 Message-ID: <416D1C1B-94EE-4BFE-A2B3-921513CBDEF8@cisco.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: Content-Type: text/plain; charset="us-ascii" Content-ID: <3ABBB9A898C4F74699B4EBC4DE35B7A4@emea.cisco.com> Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: [scim] Reminder - SCIM WG call today @11A X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Jan 2014 17:25:30 -0000 Just a reminder that we have the biweekly call today at 11AM pacific time.= =20 Cheers, Morteza From leifj@mnt.se Wed Jan 15 11:04:13 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE4C31AE124 for ; Wed, 15 Jan 2014 11:04:13 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.6 X-Spam-Level: X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i-s1K1K0UmaA for ; Wed, 15 Jan 2014 11:04:12 -0800 (PST) Received: from mail-la0-f47.google.com (mail-la0-f47.google.com [209.85.215.47]) by ietfa.amsl.com (Postfix) with ESMTP id E673C1ADFAE for ; Wed, 15 Jan 2014 11:04:11 -0800 (PST) Received: by mail-la0-f47.google.com with SMTP id eh20so1762110lab.20 for ; Wed, 15 Jan 2014 11:03:59 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=7GZGB69/kntN11KQPsx5gfSC1mZsgZzDnOk34dHysXI=; b=QiIE75A1gAypIH2ykjhp16jlVM9MKttGK8UcCdQECj5Elm9/sY28sh8SkD8mkLevXM oEatlgJQq/OlkcRqgMjBbRFv7n3FeaEOvcBFHUt8wfbglP2pIrTCYAuayMrWshdOMlcN es/vJm3WRO9GgyydGZ7SmHX2vILx84kJUIHSUsHpGoxiU1z9sr01AXd2ORPWZXvqy1d1 7DOd31pDxxwvBnhfYSXtGzuRMosKKzgQU4hp6/upCygdFyufWdkn9ZFdGPaZhi4WLslW MwnNbT3Sk71roWTQ2JBkYFGDwvnU+zxG9nLreTn/Jy397S3ryQ1MSzmS3pObKiOhppMw 8IKw== X-Gm-Message-State: ALoCoQliPxLMZLAy7K/PkS/3nMtsThypLGnYSX3TlKrJddEqkmyyGDUeiswECfD7D/ntcHfCC0L8 X-Received: by 10.112.160.196 with SMTP id xm4mr2443734lbb.34.1389812639502; Wed, 15 Jan 2014 11:03:59 -0800 (PST) Received: from [10.0.0.151] (tb62-102-145-131.cust.teknikbyran.com. [62.102.145.131]) by mx.google.com with ESMTPSA id tc8sm2950908lbb.9.2014.01.15.11.03.58 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 15 Jan 2014 11:03:58 -0800 (PST) Message-ID: <52D6DB9E.9010102@mnt.se> Date: Wed, 15 Jan 2014 20:03:58 +0100 From: Leif Johansson User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: scim@ietf.org References: <416D1C1B-94EE-4BFE-A2B3-921513CBDEF8@cisco.com> In-Reply-To: <416D1C1B-94EE-4BFE-A2B3-921513CBDEF8@cisco.com> X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: [scim] Reminder - SCIM WG call today @11A X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Jan 2014 19:04:13 -0000 On 2014-01-15 18:25, Morteza Ansari (moransar) wrote: > Just a reminder that we have the biweekly call today at 11AM pacific time. > > > It appears I don't have host rights on the webex. Does anyone else have the ability to start the call? From phil.hunt@oracle.com Wed Jan 15 11:04:53 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E9D31AE124 for ; Wed, 15 Jan 2014 11:04:53 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.739 X-Spam-Level: X-Spam-Status: No, score=-4.739 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.538, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LhF4pspHtAJ7 for ; Wed, 15 Jan 2014 11:04:52 -0800 (PST) Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) by ietfa.amsl.com (Postfix) with ESMTP id 0770D1ADFAE for ; Wed, 15 Jan 2014 11:04:51 -0800 (PST) Received: from ucsinet21.oracle.com (ucsinet21.oracle.com [156.151.31.93]) by aserp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id s0FJ4dgi009355 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 15 Jan 2014 19:04:39 GMT Received: from aserz7022.oracle.com (aserz7022.oracle.com [141.146.126.231]) by ucsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s0FJ4c41013426 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 15 Jan 2014 19:04:38 GMT Received: from abhmp0008.oracle.com (abhmp0008.oracle.com [141.146.116.14]) by aserz7022.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s0FJ4b7g001253; Wed, 15 Jan 2014 19:04:37 GMT Received: from [192.168.1.124] (/24.86.29.34) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 15 Jan 2014 11:04:37 -0800 Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\)) From: Phil Hunt In-Reply-To: <416D1C1B-94EE-4BFE-A2B3-921513CBDEF8@cisco.com> Date: Wed, 15 Jan 2014 11:04:35 -0800 Content-Transfer-Encoding: quoted-printable Message-Id: <8939214E-A5F5-4BE3-AA45-DF46F3865F41@oracle.com> References: <416D1C1B-94EE-4BFE-A2B3-921513CBDEF8@cisco.com> To: "Morteza Ansari (moransar)" X-Mailer: Apple Mail (2.1510) X-Source-IP: ucsinet21.oracle.com [156.151.31.93] Cc: "scim@ietf.org" Subject: Re: [scim] Reminder - SCIM WG call today @11A X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Jan 2014 19:04:53 -0000 Am unable to join call. The meeting link points to Jan 22 rather than = Jan 15. Is there a new link? Phil @independentid www.independentid.com phil.hunt@oracle.com On 2014-01-15, at 9:25 AM, "Morteza Ansari (moransar)" = wrote: > Just a reminder that we have the biweekly call today at 11AM pacific = time.=20 >=20 >=20 > Cheers, > Morteza > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim From leifj@sunet.se Wed Jan 15 11:08:41 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A101B1AE13A for ; Wed, 15 Jan 2014 11:08:41 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.309 X-Spam-Level: X-Spam-Status: No, score=-1.309 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_SE=0.35, RP_MATCHES_RCVD=-0.538, SPF_NEUTRAL=0.779] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zFIyM90ichvt for ; Wed, 15 Jan 2014 11:08:39 -0800 (PST) Received: from e-mailfilter01.sunet.se (e-mailfilter01.sunet.se [IPv6:2001:6b0:8:2::201]) by ietfa.amsl.com (Postfix) with ESMTP id B82981AE124 for ; Wed, 15 Jan 2014 11:08:38 -0800 (PST) Received: from smtp1.sunet.se (smtp1.sunet.se [IPv6:2001:6b0:8:2::214]) by e-mailfilter01.sunet.se (8.14.3/8.14.3/Debian-9.4) with ESMTP id s0FJ8PTd003135 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Wed, 15 Jan 2014 20:08:25 +0100 Received: from kerio.sunet.se (kerio.sunet.se [192.36.171.210]) by smtp1.sunet.se (8.14.4/8.14.4) with ESMTP id s0FJ8MUx017150 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Wed, 15 Jan 2014 20:08:24 +0100 (CET) X-Footer: c3VuZXQuc2U= Received: from [10.0.0.151] ([62.102.145.131]) (authenticated user leifj@sunet.se) by kerio.sunet.se (Kerio Connect 8.2.2) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256 bits)) for scim@ietf.org; Wed, 15 Jan 2014 20:08:21 +0100 Message-ID: <52D6DCA5.3070905@sunet.se> Date: Wed, 15 Jan 2014 20:08:21 +0100 From: Leif Johansson User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: "scim@ietf.org" X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Bayes-Prob: 0.0001 (Score 0, tokens from: outbound, sunet-se:default, base:default, @@RPTN) X-CanIt-Geo: ip=192.36.171.210; country=SE; latitude=62.0000; longitude=15.0000; http://maps.google.com/maps?q=62.0000,15.0000&z=6 X-CanItPRO-Stream: outbound-sunet-se:outbound (inherits from outbound-sunet-se:default, sunet-se:default, base:default) X-Canit-Stats-ID: 09Lej8pSw - 6b8e4fe7017e - 20140115 X-CanIt-Archive-Cluster: PfMRe/vJWMiXwM2YIH5BVExnUnw X-Scanned-By: CanIt (www . roaringpenguin . com) Subject: [scim] temporary confcall venue X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Jan 2014 19:08:41 -0000 Since I am unable to start the webex, lets all regroup here: https://connect.sunet.se/leifj/ From leifj@sunet.se Wed Jan 15 11:55:12 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F3E61AE128; Wed, 15 Jan 2014 11:55:12 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.309 X-Spam-Level: X-Spam-Status: No, score=-1.309 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_SE=0.35, RP_MATCHES_RCVD=-0.538, SPF_NEUTRAL=0.779] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZadbZpYqzI6v; Wed, 15 Jan 2014 11:55:10 -0800 (PST) Received: from e-mailfilter01.sunet.se (e-mailfilter01.sunet.se [IPv6:2001:6b0:8:2::201]) by ietfa.amsl.com (Postfix) with ESMTP id 114B41AE112; Wed, 15 Jan 2014 11:55:09 -0800 (PST) Received: from smtp1.sunet.se (smtp1.sunet.se [IPv6:2001:6b0:8:2::214]) by e-mailfilter01.sunet.se (8.14.3/8.14.3/Debian-9.4) with ESMTP id s0FJsvir014161 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 15 Jan 2014 20:54:57 +0100 Received: from kerio.sunet.se (kerio.sunet.se [192.36.171.210]) by smtp1.sunet.se (8.14.4/8.14.4) with ESMTP id s0FJss2w019685 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 15 Jan 2014 20:54:56 +0100 (CET) X-Footer: c3VuZXQuc2U= Received: from [10.0.0.151] ([62.102.145.131]) (authenticated user leifj@sunet.se) by kerio.sunet.se (Kerio Connect 8.2.2) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256 bits)); Wed, 15 Jan 2014 20:54:52 +0100 Message-ID: <52D6E78C.10606@sunet.se> Date: Wed, 15 Jan 2014 20:54:52 +0100 From: Leif Johansson User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: "scim@ietf.org" X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Bayes-Prob: 0.0001 (Score 0, tokens from: outbound, sunet-se:default, base:default, @@RPTN) X-CanIt-Geo: ip=192.36.171.210; country=SE; latitude=62.0000; longitude=15.0000; http://maps.google.com/maps?q=62.0000,15.0000&z=6 X-CanItPRO-Stream: outbound-sunet-se:outbound (inherits from outbound-sunet-se:default, sunet-se:default, base:default) X-Canit-Stats-ID: 09LejSVdH - f413868eeb9f - 20140115 X-CanIt-Archive-Cluster: PfMRe/vJWMiXwM2YIH5BVExnUnw X-Scanned-By: CanIt (www . roaringpenguin . com) Cc: ietf-secretariat@ietf.org Subject: [scim] notes from SCIM confcall 15/1 X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Jan 2014 19:55:12 -0000 The confcall had some user-centric technical difficulties and was promptly moved to https://connect.sunet.se/leifj/ (this was announced on the list) Present: Chris Philips (first 30 minutes) Phil Hunt Mark Diodati Kelly Grizzle Leif Johansson Björn Annestad Notes: # ISSUE 11 Some discussion on the call but Chris will respin the issue on the list to get more input. # ISSUE 55 308 - RESTful redirects * Phil to raise issue with the HTTP wg. Write I-D # ISSUE 56 Kelly & Mark agrees with Phils suggestion on going for consistency over backwards compat. Goal for 03: * Low hanging fruit * Complex attributes Goal for 04: * Major changes with existing consensus Goal for London: * 03+04+close some of the tracker issues LDAP profile * lack of complex attributes a key issue * finished with discussion on the value of LDAP schema mappings in general From phil.hunt@oracle.com Wed Jan 15 16:04:01 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A548F1AE452 for ; Wed, 15 Jan 2014 16:04:01 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.738 X-Spam-Level: X-Spam-Status: No, score=-4.738 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.538, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PPqkhF4TiQNq for ; Wed, 15 Jan 2014 16:04:00 -0800 (PST) Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) by ietfa.amsl.com (Postfix) with ESMTP id 243B31AE425 for ; Wed, 15 Jan 2014 16:04:00 -0800 (PST) Received: from acsinet21.oracle.com (acsinet21.oracle.com [141.146.126.237]) by aserp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id s0G03i0s006660 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 16 Jan 2014 00:03:45 GMT Received: from userz7022.oracle.com (userz7022.oracle.com [156.151.31.86]) by acsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s0G03hKX013602 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 16 Jan 2014 00:03:44 GMT Received: from abhmp0016.oracle.com (abhmp0016.oracle.com [141.146.116.22]) by userz7022.oracle.com (8.14.5+Sun/8.14.4) with ESMTP id s0G03gVl013986; Thu, 16 Jan 2014 00:03:42 GMT Received: from [192.168.1.124] (/24.86.29.34) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 15 Jan 2014 16:03:42 -0800 Content-Type: multipart/alternative; boundary="Apple-Mail=_6B7EF799-9B8C-421E-889E-70EA5EA798DB" Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\)) From: Phil Hunt Date: Wed, 15 Jan 2014 16:03:41 -0800 Message-Id: References: <20140115235244.16760.60938.idtracker@ietfa.amsl.com> To: "scim@ietf.org WG" , ietf-http-wg@w3.org X-Mailer: Apple Mail (2.1510) X-Source-IP: acsinet21.oracle.com [141.146.126.237] Cc: Barry Leiba Subject: [scim] Fwd: New Version Notification for draft-hunt-http-rest-redirect-00.txt X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Jan 2014 00:04:01 -0000 --Apple-Mail=_6B7EF799-9B8C-421E-889E-70EA5EA798DB Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii In the SCIM working group, the issue came up as to what to do about HTTP = Redirects for RESTful services (of which SCIM is one). On Leif's = suggestion, I put together a quick draft covering the topic to raise to = the HTTPbis working group as this seems to apply to all RESTful = services. I also note that there is an existing draft = http://datatracker.ietf.org/doc/draft-reschke-http-status-308/, which I = have referenced in this draft. Phil @independentid www.independentid.com phil.hunt@oracle.com Begin forwarded message: > From: internet-drafts@ietf.org > Subject: New Version Notification for = draft-hunt-http-rest-redirect-00.txt > Date: 15 January, 2014 3:52:44 PM PST > To: Phil Hunt , "Phil Hunt" >=20 >=20 > A new version of I-D, draft-hunt-http-rest-redirect-00.txt > has been successfully submitted by Phil Hunt and posted to the > IETF repository. >=20 > Name: draft-hunt-http-rest-redirect > Revision: 00 > Title: HTTP Redirect Codes for RESTful Services > Document date: 2014-01-16 > Group: Individual Submission > Pages: 5 > URL: = http://www.ietf.org/internet-drafts/draft-hunt-http-rest-redirect-00.txt > Status: = https://datatracker.ietf.org/doc/draft-hunt-http-rest-redirect/ > Htmlized: = http://tools.ietf.org/html/draft-hunt-http-rest-redirect-00 >=20 >=20 > Abstract: > This specification clarifies the use of HTTP redirect codes when = used > with RESTful services. >=20 >=20 >=20 >=20 > Please note that it may take a couple of minutes from the time of = submission > until the htmlized version and diff are available at tools.ietf.org. >=20 > The IETF Secretariat >=20 --Apple-Mail=_6B7EF799-9B8C-421E-889E-70EA5EA798DB Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii In = the SCIM working group, the issue came up as to what to do about HTTP = Redirects for RESTful services (of which SCIM is one). On Leif's = suggestion, I put together a quick draft covering the topic to raise to = the HTTPbis working group as this seems to apply to all RESTful = services.

I also note that there is an existing = draft ht= tp://datatracker.ietf.org/doc/draft-reschke-http-status-308/, which = I have referenced in this draft.

Phil

@independentid
www.independentid.com
phil.hunt@oracle.com
=

Begin forwarded message:

Subject: New Version Notification for = draft-hunt-http-rest-redirect-00.txt
Date: 15 January, 2014 = 3:52:44 PM PST
To: Phil Hunt <phil.hunt@yahoo.com>, "Phil = Hunt" <phil.hunt@yahoo.com>
=


A new version of I-D, = draft-hunt-http-rest-redirect-00.txt
has been successfully submitted = by Phil Hunt and posted to the
IETF repository.

Name: = draft-hunt-http-rest-redirect
Revision: = 00
Title: HTTP Redirect Codes for RESTful = Services
Document date: 2014-01-16
Group: = Individual Submission
Pages: 5
URL: =            http://www.ietf.org/internet-drafts/draft-hunt-http-rest-redirect-= 00.txt
Status:         h= ttps://datatracker.ietf.org/doc/draft-hunt-http-rest-redirect/
Html= ized:       http:= //tools.ietf.org/html/draft-hunt-http-rest-redirect-00


Abst= ract:
  This specification clarifies the use of HTTP = redirect codes when used
  with RESTful = services.




Please note that it may take a couple of = minutes from the time of submission
until the htmlized version and = diff are available at tools.ietf.org.

The IETF = Secretariat


= --Apple-Mail=_6B7EF799-9B8C-421E-889E-70EA5EA798DB-- From phil.hunt@oracle.com Thu Jan 16 07:43:21 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 882AD1AE37E for ; Thu, 16 Jan 2014 07:43:21 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.739 X-Spam-Level: X-Spam-Status: No, score=-4.739 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.538, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GjhJqJpAWvXT for ; Thu, 16 Jan 2014 07:43:19 -0800 (PST) Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) by ietfa.amsl.com (Postfix) with ESMTP id BC7CB1ADED7 for ; Thu, 16 Jan 2014 07:43:19 -0800 (PST) Received: from acsinet22.oracle.com (acsinet22.oracle.com [141.146.126.238]) by aserp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id s0GFh1ix030314 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 16 Jan 2014 15:43:02 GMT Received: from aserz7021.oracle.com (aserz7021.oracle.com [141.146.126.230]) by acsinet22.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s0GFh1QK016380 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 16 Jan 2014 15:43:01 GMT Received: from abhmp0019.oracle.com (abhmp0019.oracle.com [141.146.116.25]) by aserz7021.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s0GFh0GI006304; Thu, 16 Jan 2014 15:43:01 GMT Received: from [192.168.1.125] (/24.86.29.34) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Thu, 16 Jan 2014 07:43:00 -0800 References: <20140115235244.16760.60938.idtracker@ietfa.amsl.com> <52D7A208.8060603@gmx.de> Mime-Version: 1.0 (1.0) In-Reply-To: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Message-Id: <47BA30BF-D4E2-434C-A6E8-83FC9BED2BC2@oracle.com> X-Mailer: iPhone Mail (11B554a) From: Phil Hunt Date: Thu, 16 Jan 2014 07:42:56 -0800 To: Mark Baker X-Source-IP: acsinet22.oracle.com [141.146.126.238] Cc: Julian Reschke , "scim@ietf.org WG" , Barry Leiba , "ietf-http-wg@w3.org Group" Subject: Re: [scim] New Version Notification for draft-hunt-http-rest-redirect-00.txt X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Jan 2014 15:43:21 -0000 Assuming you are refering to the 308 redirect draft. What is the current ref= erence for 308? REST services need redirects that do not convert to GET. That would corrupt t= he operation.=20 Phil > On Jan 16, 2014, at 7:21, Mark Baker wrote: >=20 >> On Thu, Jan 16, 2014 at 4:10 AM, Julian Reschke w= rote: >>> On 2014-01-16 01:03, Phil Hunt wrote: >>>=20 >>> In the SCIM working group, the issue came up as to what to do about HTTP= >>> Redirects for RESTful services (of which SCIM is one). On Leif's >>> suggestion, I put together a quick draft covering the topic to raise to >>> the HTTPbis working group as this seems to apply to all RESTful services= . >>>=20 >>> I also note that there is an existing draft >>> http://datatracker.ietf.org/doc/draft-reschke-http-status-308/, which I >>> have referenced in this draft. >>>=20 >>> Phil >>> ... >>=20 >>=20 >> -1 >=20 > +1 to your -1 >=20 >>=20 >> a) You reference an outdated spec. >>=20 >> b) You have statements about the existing redirection codes that are in >> conflict with the relevant specs. >=20 > c) you specify a protocol that is known to be incompatible with > deployed implementations and inconsistent with REST and Web > architecture in significant ways >=20 >>=20 >> What problem are you trying to solve here? >=20 > News to me, but SCIM is apparently an IETF WG; >=20 > https://datatracker.ietf.org/wg/scim/charter/ >=20 > IMO, this draft doesn't bode well for the ability of the group to meet > its (REST-oriented) charter, or for implementations to be deployed > while interoperating properly with existing Web infrastructure. >=20 > Mark. From phil.hunt@oracle.com Thu Jan 16 08:00:42 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0F0D01AE0E2 for ; Thu, 16 Jan 2014 08:00:42 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.739 X-Spam-Level: X-Spam-Status: No, score=-4.739 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.538, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dybCepUS6OiX for ; Thu, 16 Jan 2014 08:00:40 -0800 (PST) Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) by ietfa.amsl.com (Postfix) with ESMTP id C438E1AE392 for ; Thu, 16 Jan 2014 08:00:40 -0800 (PST) Received: from ucsinet22.oracle.com (ucsinet22.oracle.com [156.151.31.94]) by aserp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id s0GG0LAg022091 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 16 Jan 2014 16:00:22 GMT Received: from userz7021.oracle.com (userz7021.oracle.com [156.151.31.85]) by ucsinet22.oracle.com (8.14.5+Sun/8.14.5) with ESMTP id s0GG0LWN023105 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Thu, 16 Jan 2014 16:00:21 GMT Received: from abhmp0016.oracle.com (abhmp0016.oracle.com [141.146.116.22]) by userz7021.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s0GG0KhZ009017; Thu, 16 Jan 2014 16:00:21 GMT Received: from [192.168.1.125] (/24.86.29.34) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Thu, 16 Jan 2014 08:00:20 -0800 References: <20140115235244.16760.60938.idtracker@ietfa.amsl.com> <52D7A208.8060603@gmx.de> <47BA30BF-D4E2-434C-A6E8-83FC9BED2BC2@oracle.com> <52D7FFB7.3080608@gmx.de> Mime-Version: 1.0 (1.0) In-Reply-To: <52D7FFB7.3080608@gmx.de> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Message-Id: <712C2CB0-5AA1-465D-B174-0023FA7FAE05@oracle.com> X-Mailer: iPhone Mail (11B554a) From: Phil Hunt Date: Thu, 16 Jan 2014 08:00:17 -0800 To: Julian Reschke X-Source-IP: ucsinet22.oracle.com [156.151.31.94] Cc: Mark Baker , Barry Leiba , "ietf-http-wg@w3.org Group" , "scim@ietf.org WG" Subject: Re: [scim] New Version Notification for draft-hunt-http-rest-redirect-00.txt X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Jan 2014 16:00:42 -0000 Thanks. 2616 should be changed.=20 I am open to broadening applicability to all non-browser HTTP services.=20 Phil > On Jan 16, 2014, at 7:50, Julian Reschke wrote: >=20 >> On 2014-01-16 16:42, Phil Hunt wrote: >> Assuming you are refering to the 308 redirect draft. What is the current r= eference for 308? >=20 > No, I'm referring to citing RFC 2616. >=20 >> REST services need redirects that do not convert to GET. That would corru= pt the operation. >=20 > Yes. For some value of "Rest services"; I'd recommend to avoid that term a= ltogether; just define an HTTP based service that makes sense and uses HTTP p= roperly. >=20 >=20 > Best regards, Julian >=20 From phil.hunt@oracle.com Thu Jan 16 08:15:29 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF5AC1AE3AC for ; Thu, 16 Jan 2014 08:15:29 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.739 X-Spam-Level: X-Spam-Status: No, score=-4.739 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.538, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tBA-HM9FxwMA for ; Thu, 16 Jan 2014 08:15:28 -0800 (PST) Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) by ietfa.amsl.com (Postfix) with ESMTP id F1DBD1AE36C for ; Thu, 16 Jan 2014 08:15:27 -0800 (PST) Received: from acsinet21.oracle.com (acsinet21.oracle.com [141.146.126.237]) by aserp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id s0GGF9AZ011024 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 16 Jan 2014 16:15:09 GMT Received: from userz7021.oracle.com (userz7021.oracle.com [156.151.31.85]) by acsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s0GGF8Bv015564 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Thu, 16 Jan 2014 16:15:09 GMT Received: from abhmp0001.oracle.com (abhmp0001.oracle.com [141.146.116.7]) by userz7021.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s0GGF7hb026103; Thu, 16 Jan 2014 16:15:07 GMT Received: from [192.168.1.125] (/24.86.29.34) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Thu, 16 Jan 2014 08:15:07 -0800 References: <20140115235244.16760.60938.idtracker@ietfa.amsl.com> <52D7A208.8060603@gmx.de> <47BA30BF-D4E2-434C-A6E8-83FC9BED2BC2@oracle.com> <52D7FFB7.3080608@gmx.de> <712C2CB0-5AA1-465D-B174-0023FA7FAE05@oracle.com> <52D802B4.4040908@gmx.de> Mime-Version: 1.0 (1.0) In-Reply-To: <52D802B4.4040908@gmx.de> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Message-Id: X-Mailer: iPhone Mail (11B554a) From: Phil Hunt Date: Thu, 16 Jan 2014 08:15:04 -0800 To: Julian Reschke X-Source-IP: acsinet21.oracle.com [141.146.126.237] Cc: Mark Baker , Barry Leiba , "ietf-http-wg@w3.org Group" , "scim@ietf.org WG" Subject: Re: [scim] New Version Notification for draft-hunt-http-rest-redirect-00.txt X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Jan 2014 16:15:29 -0000 Thanks. I believe http://tools.ietf.org/search/draft-ietf-httpbis-p2-semanti= cs-25 does cover the issue.=20 Though Phil > On Jan 16, 2014, at 8:03, Julian Reschke wrote: >=20 >> On 2014-01-16 17:00, Phil Hunt wrote: >> Thanks. 2616 should be changed. >=20 > The point being that the definitions of the redirect codes have been rewri= tten a lot in HTTPbis. >=20 > Optimally, there is no need to have an additional document *at all*. >=20 >> ... >=20 > Best regards, Julian From julian.reschke@gmx.de Fri Jan 17 01:29:32 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4CE341ADF4F for ; Fri, 17 Jan 2014 01:29:32 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YLpz_X7ewG9L for ; Fri, 17 Jan 2014 01:29:31 -0800 (PST) Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) by ietfa.amsl.com (Postfix) with ESMTP id A18281ADDDA for ; Fri, 17 Jan 2014 01:29:30 -0800 (PST) Received: from [192.168.1.102] ([93.217.72.220]) by mail.gmx.com (mrgmx102) with ESMTPSA (Nemesis) id 0Lkiqm-1VVqqf0UKq-00aRka for ; Fri, 17 Jan 2014 10:29:17 +0100 Message-ID: <52D8F7E5.9020603@gmx.de> Date: Fri, 17 Jan 2014 10:29:09 +0100 From: Julian Reschke User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: scim@ietf.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Provags-ID: V03:K0:6b/ovLy0dV3QE7+bY6+NFNg/nniRGWNL0truFy6RLWVP94U5idS Z+moAd0Zi3WOrslZQjgOQTiOGOLT75Az99/xKaqPwq3ePub17YbF30DuECWUVCawj+7Ff9H lwnX3NeIbX6sbJSq6uNPzaytLwJxgDlFBYl86/gUtMQ2Escpb6xuQoIpuldiALPBapF48ux RnULUYDfXXbp5GeDk+a3g== Subject: [scim] draft-ietf-scim-api: use of PATCH with content-type application/json X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Jan 2014 09:29:32 -0000 Hi there, it seems that this draft uses application/json with a PATCH request. However, there are no PATCH semantics defined for this type. You may want to have a look at draft-ietf-appsawg-json-merge-patch (which defines a new type for this purpose). Best regards, Julian From matthew.a.randall@gmail.com Fri Jan 17 11:10:11 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4742B1AE146 for ; Fri, 17 Jan 2014 11:10:11 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MmptjjbGOFrI for ; Fri, 17 Jan 2014 11:10:09 -0800 (PST) Received: from mail-pa0-x22a.google.com (mail-pa0-x22a.google.com [IPv6:2607:f8b0:400e:c03::22a]) by ietfa.amsl.com (Postfix) with ESMTP id C374A1A1F71 for ; Fri, 17 Jan 2014 11:10:09 -0800 (PST) Received: by mail-pa0-f42.google.com with SMTP id kl14so4536000pab.1 for ; Fri, 17 Jan 2014 11:09:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=k09TyrCCeyd8u2W7L2vHy4wj3N21ccpLfZMoimS3uFM=; b=iLIPXtGSLy7A/SNSyHwXudKgS7AUVRCRpXsEvp/vCddbce2oAFy9fpNj3kyeglzvtI MAshpmwLyq/8fg9xr1tL5qwLd0FT0DNFSNJuXWOykyM7pxZJFay6KZYB1dIb/cSAGDdy W/6AddkG67dgy1daG4pnJA8shPlbjDbyppZe8cipububtXBEALTbV77rEVRrzxeevVKj MIcsjom4DBBOlgUPE6oFT12QJGg0Z/MUgBHYJjQjCWikiv4MrNBOxyhpsoeYrtW+8xjL mJjBDqf9DLeCToQvhlbzFJ1u33pZ42xSzJVvbUkEkaCmRN9eTm4BG/OJ//98rMwfrQKo XTNA== MIME-Version: 1.0 X-Received: by 10.68.171.99 with SMTP id at3mr115867pbc.109.1389985797373; Fri, 17 Jan 2014 11:09:57 -0800 (PST) Received: by 10.68.35.69 with HTTP; Fri, 17 Jan 2014 11:09:57 -0800 (PST) Date: Fri, 17 Jan 2014 13:09:57 -0600 Message-ID: From: Matt Randall To: "scim@ietf.org" Content-Type: multipart/alternative; boundary=047d7bacbad8b2060604f02f4900 Subject: [scim] HTTP Status code for successful DELETE X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Jan 2014 19:10:11 -0000 --047d7bacbad8b2060604f02f4900 Content-Type: text/plain; charset=ISO-8859-1 Section 3.4 (Deleting Resources) of the 1.1 and 2.0 specification provides the example of a 200 OK response for a successful delete. The specification does not explicitly indicate whether a 200 or 204 should be returned. Depending on whether a server is serving additional header metadata associated with that operation, it would seem that either could be a valid response. We've found certain implementations of SCIM clients expect an exact value of 200 OK. My questions: - Should this be clarified in the specification? - Should 204 also be accepted by SCIM clients in response to a successful DELETE operation? Thank you. --047d7bacbad8b2060604f02f4900 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
Section 3.4 (Deleting Resources) of the 1.1= and 2.0 specification provides the example of a 200 OK response for a succ= essful delete.=A0 The specification does not explicitly indicate whether a = 200 or 204 should be returned.=A0 Depending on whether a server is serving = additional header metadata associated with that operation, it would seem th= at either could be a valid response.=A0 We've found certain implementat= ions of SCIM clients expect an exact value of 200 OK.

My questions:

- Should this be clari= fied in the specification?
- Should 204 also be accepted by SCIM c= lients in response to a successful DELETE operation?

Thank you= .
--047d7bacbad8b2060604f02f4900-- From julian.reschke@gmx.de Fri Jan 17 11:31:29 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9389E1A1F63 for ; Fri, 17 Jan 2014 11:31:29 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DR7t4dE6lE8S for ; Fri, 17 Jan 2014 11:31:27 -0800 (PST) Received: from mout.gmx.net (mout.gmx.net [212.227.15.15]) by ietfa.amsl.com (Postfix) with ESMTP id 96E011A1F00 for ; Fri, 17 Jan 2014 11:31:27 -0800 (PST) Received: from [192.168.1.102] ([217.91.35.233]) by mail.gmx.com (mrgmx102) with ESMTPSA (Nemesis) id 0MNO33-1VxORv0SuP-006sqZ for ; Fri, 17 Jan 2014 20:31:14 +0100 Message-ID: <52D984F8.8010204@gmx.de> Date: Fri, 17 Jan 2014 20:31:04 +0100 From: Julian Reschke User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: Matt Randall , "scim@ietf.org" References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Provags-ID: V03:K0:pxJPCLvWlftdyue7spOByteC/Uh0If6eMTP2CXdguUdR2Yn1bSH kavxKbndtan2f5Ea5qiiMXSzBCrpYe7vW5T/fMr8KjF/QEIt0bNQ5hhUuxDLapQJFSF6eKH nS0FJIu6hc2+/Xzri5WTRju+tzjBEq7FCgGVMJPTya+/0wMG0YfXl4GGhSz+F8LoLaHjRSj wfHkDn508PXj75DtJm5Hw== Subject: Re: [scim] HTTP Status code for successful DELETE X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Jan 2014 19:31:29 -0000 On 2014-01-17 20:09, Matt Randall wrote: > Section 3.4 (Deleting Resources) of the 1.1 and 2.0 specification > provides the example of a 200 OK response for a successful delete. The > specification does not explicitly indicate whether a 200 or 204 should > be returned. Depending on whether a server is serving additional header > metadata associated with that operation, it would seem that either could > be a valid response. We've found certain implementations of SCIM > clients expect an exact value of 200 OK. > > My questions: > > - Should this be clarified in the specification? > - Should 204 also be accepted by SCIM clients in response to a > successful DELETE operation? > ... Do not profile HTTP. Both are success codes. Both are ok. Best regards, Julian From d.moebius@tarent.de Mon Jan 20 00:01:24 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E9C0C1A0069 for ; Mon, 20 Jan 2014 00:01:24 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.078 X-Spam-Level: X-Spam-Status: No, score=-0.078 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e6U6HJ6j-S5u for ; Mon, 20 Jan 2014 00:01:23 -0800 (PST) Received: from mail-pb0-f71.google.com (mail-pb0-f71.google.com [209.85.160.71]) by ietfa.amsl.com (Postfix) with ESMTP id A242E1A0011 for ; Mon, 20 Jan 2014 00:01:23 -0800 (PST) Received: by mail-pb0-f71.google.com with SMTP id jt11so11879958pbb.2 for ; Mon, 20 Jan 2014 00:01:23 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:date:message-id:subject:from:to :content-type; bh=WLjzhQu/HdVuKB64Oi3n0KwcrawL6gSrnCJofLMtXco=; b=VII03ePMoC21Dc0JEou8w2wMj/HaTpQfJ9Ob1MW1drhYEodAX0BZIYo14ccffT1Idt Ek7JbhVTFv27cML9NyePHUOmoOxVMYjngkQNndMQsqTUSGMZFiMyJ9uGMHI057lEFDhy 0SgfmSt2ng00UbaJa3BAJhT1tNOn6aN+WRIlmui5zuyNAntsoD7QMuoGfF40MSXBmCp5 6PkgBzcU24ZQ2Paqg0G+2afFIaRjaIUh0SUC94edgcsqeR0GU2hjrkCZZ2y5QlxcXWGi bDWA5fX/3zXNwCVK/oCcV/kC0D0eUIddqvVJNS100o8rMHq7c18ZKfrd/r1NuorhFaGf /eyQ== X-Gm-Message-State: ALoCoQlprWDoLXJwY5IcT1jWnoJ+nVA0To7N4U6VYWq6FHW3yAPSGpH5BraEJYhih+sEpiZkzuoG MIME-Version: 1.0 X-Received: by 10.66.159.233 with SMTP id xf9mr1695844pab.139.1390204882599; Mon, 20 Jan 2014 00:01:22 -0800 (PST) Received: by 10.66.67.41 with HTTP; Mon, 20 Jan 2014 00:01:22 -0800 (PST) Date: Mon, 20 Jan 2014 09:01:22 +0100 Message-ID: From: David Moebius To: "scim@ietf.org" Content-Type: multipart/alternative; boundary=047d7b86ea4a3154b404f0624cc2 Subject: [scim] multiple multi valued attributes set to primary = true X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Jan 2014 08:01:25 -0000 --047d7b86ea4a3154b404f0624cc2 Content-Type: text/plain; charset=ISO-8859-1 Hello, what do you think should be the correct behavior if in a PUT or a PATCH request the client sends e.g. 2 mail addresses which are both set primary to true. Should this be end in a error response in a 400 Bad Request or a 409 Conflict or should it be "ignored" and e.g. only the last or the first email address will be the primary? The scim spec doesn't say anything about this. by David --047d7b86ea4a3154b404f0624cc2 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
Hello,

what do you think should be the = correct behavior if in a PUT or a PATCH request the client sends e.g. 2 mai= l addresses which are both set primary to true.

Sh= ould this be end in a error response in a 400 Bad Request or a=A0409 Confli= ct or should it be "ignored" and e.g. only the last or the first = email address will be the primary?

The scim spec doesn't say anything about this.

by David
--047d7b86ea4a3154b404f0624cc2-- From julian.reschke@gmx.de Mon Jan 20 00:12:25 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5C6761A0093 for ; Mon, 20 Jan 2014 00:12:25 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yn6T521CubOl for ; Mon, 20 Jan 2014 00:12:24 -0800 (PST) Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) by ietfa.amsl.com (Postfix) with ESMTP id 0E3D41A0092 for ; Mon, 20 Jan 2014 00:12:24 -0800 (PST) Received: from [192.168.2.117] ([84.187.52.61]) by mail.gmx.com (mrgmx102) with ESMTPSA (Nemesis) id 0MVsUW-1VphTr1tm4-00X7ll for ; Mon, 20 Jan 2014 09:12:23 +0100 Message-ID: <52DCDA62.3060600@gmx.de> Date: Mon, 20 Jan 2014 09:12:18 +0100 From: Julian Reschke User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: David Moebius , "scim@ietf.org" References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Provags-ID: V03:K0:RFSGz2nfBVEfi96Gj5JeaZ4B7ACEwHEkF0PSzxi3vU02UccVGBd pIhaExqOuPxKigD/Z0dIWXcuuAuajm4DetgOayXetf5VoThv2stgou+BFO7MLY3SL7ZohVP 4bZWsIWxsKdikT/d6zW0CsSFu5QU/N6Rr7Bf9NTDljC7PuPyVAV8s1w6w92AJ+j9YqEUkXY zetWaUfF7YDoDV15y/U9w== Subject: Re: [scim] multiple multi valued attributes set to primary = true X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Jan 2014 08:12:25 -0000 On 2014-01-20 09:01, David Moebius wrote: > Hello, > > what do you think should be the correct behavior if in a PUT or a PATCH > request the client sends e.g. 2 mail addresses which are both set > primary to true. > > Should this be end in a error response in a 400 Bad Request or a 409 > Conflict or should it be "ignored" and e.g. only the last or the first > email address will be the primary? > > The scim spec doesn't say anything about this. > > by David A 4xx makes sense. 409 does not really ("The 409 (Conflict) status code indicates that the request could not be completed due to a conflict with the current state of the target resource."). 422 might be applicable. Best regards, Julian From erik.wahlstrom@nexusgroup.com Mon Jan 20 05:22:17 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F094F1A0155 for ; Mon, 20 Jan 2014 05:22:16 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.735 X-Spam-Level: X-Spam-Status: No, score=-0.735 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, RP_MATCHES_RCVD=-0.535, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rugWYj8juezi for ; Mon, 20 Jan 2014 05:22:14 -0800 (PST) Received: from smtp.nexusgroup.com (smtp.nexusgroup.com [83.241.133.121]) by ietfa.amsl.com (Postfix) with ESMTP id 9D4B21A014B for ; Mon, 20 Jan 2014 05:22:12 -0800 (PST) Received: from NG-EX01.ad.nexusgroup.com (10.75.28.40) by NG-EX02.ad.nexusgroup.com (10.75.28.43) with Microsoft SMTP Server (TLS) id 15.0.775.38; Mon, 20 Jan 2014 14:22:02 +0100 Received: from NG-EX01.ad.nexusgroup.com ([fe80::1d3d:b319:f020:2bab]) by NG-EX01.ad.nexusgroup.com ([fe80::1d3d:b319:f020:2bab%12]) with mapi id 15.00.0775.031; Mon, 20 Jan 2014 14:21:56 +0100 From: =?Windows-1252?Q?Erik_Wahlstr=F6m?= To: Julian Reschke Thread-Topic: [scim] HTTP Status code for successful DELETE Thread-Index: AQHPE7e8Fv3HnPbID0yceBVb3tEtrZqJPR8AgARP3YA= Date: Mon, 20 Jan 2014 13:21:56 +0000 Message-ID: References: <52D984F8.8010204@gmx.de> In-Reply-To: <52D984F8.8010204@gmx.de> Accept-Language: en-US, sv-SE Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.75.28.96] Content-Type: multipart/alternative; boundary="_000_ED20E80F1DD7426CA8DBEDF35D6ADC55nexusgroupcom_" MIME-Version: 1.0 Cc: "scim@ietf.org" , Matt Randall Subject: Re: [scim] HTTP Status code for successful DELETE X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Jan 2014 13:22:17 -0000 --_000_ED20E80F1DD7426CA8DBEDF35D6ADC55nexusgroupcom_ Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable Hi, I=92ve been thinking about this for a while now and it feels like we alread= y have started to profile HTTP. Even through I kinda like the concept of no= t messing with it. An examples is that the spec define that a create should be a 201 Created. = An un-profiled spec would also accept 100 Continue. Another example is that= a PATCH MUST return either 200 or 204 No Content according to the spec. In the line of keeping it as simple as possible, an early and important des= ign decision, to implement (even in very thin clients and in javascript), I= think it=92s important to define things like this rather hard. That helps = the clients always know what to expect. We talked a bit about response codes for DELETE before http://www.ietf.org/= mail-archive/web/scim/current/msg01390.html And we also have a ticket for it https://tools.ietf.org/wg/scim/trac/ticket= /39 I prefer to define that a server MUST return a 204 No Content on response t= o a successful DELETE request. That means, I=92m pro profiling. / Erik On 17 Jan 2014, at 20:31, Julian Reschke > wrote: On 2014-01-17 20:09, Matt Randall wrote: Section 3.4 (Deleting Resources) of the 1.1 and 2.0 specification provides the example of a 200 OK response for a successful delete. The specification does not explicitly indicate whether a 200 or 204 should be returned. Depending on whether a server is serving additional header metadata associated with that operation, it would seem that either could be a valid response. We've found certain implementations of SCIM clients expect an exact value of 200 OK. My questions: - Should this be clarified in the specification? - Should 204 also be accepted by SCIM clients in response to a successful DELETE operation? ... Do not profile HTTP. Both are success codes. Both are ok. Best regards, Julian _______________________________________________ scim mailing list scim@ietf.org https://www.ietf.org/mailman/listinfo/scim --_000_ED20E80F1DD7426CA8DBEDF35D6ADC55nexusgroupcom_ Content-Type: text/html; charset="Windows-1252" Content-ID: <829177BF528DEC499E4AD9A43D36BD66@nexusgroup.com> Content-Transfer-Encoding: quoted-printable
Hi,

I=92ve been thinking about this for a while now and it feels like we a= lready have started to profile HTTP. Even through I kinda like the concept = of not messing with it.

An examples is that the spec define that a create should be a 201 Crea= ted. An un-profiled spec would also accept 100 Continue. Another example is= that a PATCH MUST return either 200 or 204 No Content according to the spe= c.

In the line of keeping it as simple as possible, an early and importan= t design decision, to implement (even in very thin clients and in javascrip= t), I think it=92s important to define things like this rather hard. That h= elps the clients always know what to expect.

We talked a bit about response codes for DELETE before http://ww= w.ietf.org/mail-archive/web/scim/current/msg01390.html

And we also have a ticket for it https://tools.ietf.org/wg/scim/trac/ticket/39=

I prefer to define that a server MUST return a 204 No Content on respo= nse to a successful DELETE request. That means, I=92m pro profiling.

/ Erik


On 17 Jan 2014, at 20:31, Julian Reschke <julian.reschke@gmx.de> wrote:

On 2014-01-17 20:09, Matt Randall wrote:
Section 3.4 (Deleting Resources) of the 1.1 and 2= .0 specification
provides the example of a 200 OK response for a successful delete.  Th= e
specification does not explicitly indicate whether a 200 or 204 should
be returned.  Depending on whether a server is serving additional head= er
metadata associated with that operation, it would seem that either could be a valid response.  We've found certain implementations of SCIM
clients expect an exact value of 200 OK.

My questions:

- Should this be clarified in the specification?
- Should 204 also be accepted by SCIM clients in response to a
successful DELETE operation?
...

Do not profile HTTP. Both are success codes. Both are ok.

Best regards, Julian
_______________________________________________
scim mailing list
scim@ietf.org
https://www.ietf.org/mailman/listinfo/scim

--_000_ED20E80F1DD7426CA8DBEDF35D6ADC55nexusgroupcom_-- From julian.reschke@gmx.de Mon Jan 20 05:39:42 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C95501A015A for ; Mon, 20 Jan 2014 05:39:42 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.6 X-Spam-Level: X-Spam-Status: No, score=-1.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xEAreEYhjpX1 for ; Mon, 20 Jan 2014 05:39:41 -0800 (PST) Received: from mout.gmx.net (mout.gmx.net [212.227.15.15]) by ietfa.amsl.com (Postfix) with ESMTP id 58C0C1A0159 for ; Mon, 20 Jan 2014 05:39:41 -0800 (PST) Received: from [192.168.1.102] ([217.91.35.233]) by mail.gmx.com (mrgmx103) with ESMTPSA (Nemesis) id 0MaIw0-1VlWMe2rxw-00Jqoy for ; Mon, 20 Jan 2014 14:39:41 +0100 Message-ID: <52DD2711.9040806@gmx.de> Date: Mon, 20 Jan 2014 14:39:29 +0100 From: Julian Reschke User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: =?windows-1252?Q?Erik_Wahlstr=F6m?= References: <52D984F8.8010204@gmx.de> In-Reply-To: Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 8bit X-Provags-ID: V03:K0:HWiKXdsyg6SFoVCTUGLxALFM5/72ZPFhYtWGRdzMcSVX8pHTdKo /wj+gEsmfanJm3UBL1yIfOYmyv++7tRs7z6y6L0+A8eDLpbFhA6q1PXwkd24gYwGuNaIWgd lVKnB3UPjTJUup5DtYxYhcA+lq+d2bebPS5ZojifWWhPgrxam3XHEJpTKqkAIO1Uv5HGZHe f/KKfH1mAuFd0+lTra5aw== Cc: "scim@ietf.org" , Matt Randall Subject: Re: [scim] HTTP Status code for successful DELETE X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Jan 2014 13:39:43 -0000 On 2014-01-20 14:21, Erik Wahlström wrote: > Hi, > > I’ve been thinking about this for a while now and it feels like we > already have started to profile HTTP. Even through I kinda like the > concept of not messing with it. > > An examples is that the spec define that a create should be a 201 > Created. An un-profiled spec would also accept 100 Continue. Another Yes and no. 100 Continue is not a final status. And no, don't profile. > example is that a PATCH MUST return either 200 or 204 No Content > according to the spec. What if the PATCH request created a resource? > In the line of keeping it as simple as possible, an early and important > design decision, to implement (even in very thin clients and in > javascript), I think it’s important to define things like this rather > hard. That helps the clients always know what to expect. That's exactly the wrong approach. You're basically inventing a profile without the need to do so. This has lots of disadvantages; for instance, you restrict yourself to HTTP libs/impls that you can control at that detail level, the protocol gets harder to evolve, it becomes super-hard to have resources implement multiple HTTP-based protocols at the same time, and furthermore intermediaries might get in the way. > We talked a bit about response codes for DELETE before > http://www.ietf.org/mail-archive/web/scim/current/msg01390.html > > And we also have a ticket for it > https://tools.ietf.org/wg/scim/trac/ticket/39 > > I prefer to define that a server MUST return a 204 No Content on > response to a successful DELETE request. That means, I’m pro profiling. > ... Don't. We've had this discussion multiple times in the APPS area already :-). Best regards, Julian From julian.reschke@gmx.de Mon Jan 20 07:01:27 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D3A41A0197 for ; Mon, 20 Jan 2014 07:01:27 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lxXZwAz-BDPT for ; Mon, 20 Jan 2014 07:01:25 -0800 (PST) Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) by ietfa.amsl.com (Postfix) with ESMTP id 8B1691A014F for ; Mon, 20 Jan 2014 07:01:25 -0800 (PST) Received: from [192.168.1.102] ([217.91.35.233]) by mail.gmx.com (mrgmx102) with ESMTPSA (Nemesis) id 0LqW8j-1VRVp611VJ-00e0eq for ; Mon, 20 Jan 2014 16:01:25 +0100 Message-ID: <52DD3A43.7000100@gmx.de> Date: Mon, 20 Jan 2014 16:01:23 +0100 From: Julian Reschke User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: "scim@ietf.org WG" Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Provags-ID: V03:K0:Fkdys47mdC7ptn39oeNaGoa5hfLHqi8s6mc/V+grHVDyqAw7zuC /oAKHNphRkY7Vq/iY4RxL8h/m5TPtzUcay3GSAtruwf8StCudZoTj+FUDLo05amJzlrDIq4 ZYdCPD358xRf58McGFnfBbkUbeQnVfCcUBbmtWAQswfuEQ6NJPdDy0sG3b+qOsIY+YL/U63 SQJ+1LWcWuK1zN0OVo5jQ== Subject: [scim] use of 412 X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Jan 2014 15:01:27 -0000 Hi there, the SCIM API draft hints about using status code 412 when the resource being updated has changed. However, status code 412 is reserved for HTTP requests that specify a conditional header field (such as If-Match). If that's not the case 412 is the wrong choice; you may want to use 409 (Conflict) instead. Best regards, Julian From t.krille@tarent.de Mon Jan 20 07:15:57 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 374501A00DE for ; Mon, 20 Jan 2014 07:15:57 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.723 X-Spam-Level: X-Spam-Status: No, score=0.723 tagged_above=-999 required=5 tests=[BAYES_50=0.8, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7D8Vz9uXqPWe for ; Mon, 20 Jan 2014 07:15:55 -0800 (PST) Received: from mail-ie0-f200.google.com (mail-ie0-f200.google.com [209.85.223.200]) by ietfa.amsl.com (Postfix) with ESMTP id 01C271A0192 for ; Mon, 20 Jan 2014 07:15:54 -0800 (PST) Received: by mail-ie0-f200.google.com with SMTP id tp5so9420675ieb.11 for ; Mon, 20 Jan 2014 07:15:55 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:content-type; bh=F/OSHfUet6cPhnbm+k44Gp99samt5KmnvUOeoKRboX8=; b=gk1biN/0qyFTommwumBM4Cg6o+94mBLn6yRl/4dwAstmG4qakNqQXbrYoGe4HWxhfs iFr8PvknZDV1kkWnO9TR16DQJnEAZW62p3so3dubl2KvFKF8V4BzXK834/bYKkuV1LL3 z3vphHlm3z9efC3EOFGKAdD1sYx5pOmTjDtc6J8Ke2xJTBkHGgwGalIW3Z06Re381Hx4 YeunHzyRCEOzh3nawKNV40jg1dQZHhBMltvdceHRlByExrjk6a+fowG2mFuFmpMNVYLC 2Vavof0QxGxgQQDt1REMrbULZYg2rELoOl2JYp3YxeVoDTh16OmHEooa/nUATXecjFKY jgkw== X-Gm-Message-State: ALoCoQnXb7kdnUnKJWPtKwWHmCvl0+w650sJn7j/EuilN8nzhb1fyWtjnkrz9zl5+Ta/nTuPoH5Z X-Received: by 10.50.132.36 with SMTP id or4mr1014827igb.44.1390230955031; Mon, 20 Jan 2014 07:15:55 -0800 (PST) MIME-Version: 1.0 Received: by 10.64.232.35 with HTTP; Mon, 20 Jan 2014 07:15:34 -0800 (PST) In-Reply-To: <52DCDA62.3060600@gmx.de> References: <52DCDA62.3060600@gmx.de> From: Thomas Krille Date: Mon, 20 Jan 2014 16:15:34 +0100 Message-ID: To: Julian Reschke , "scim@ietf.org" Content-Type: multipart/alternative; boundary=047d7b3a9b4c3b24ce04f0685e68 Subject: Re: [scim] multiple multi valued attributes set to primary = true X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Jan 2014 15:15:57 -0000 --047d7b3a9b4c3b24ce04f0685e68 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable 2014/1/20 Julian Reschke > A 4xx makes sense. 409 does not really ("The 409 (Conflict) status code > indicates that the request could not be completed due to a conflict with > the current state of the target resource."). > > 422 might be applicable. 422 would be nice, but it is defined by the WebDAV HTTP extensions, that do not apply here (we don't make no WebDAV). 400 seems to be the only valid choice, though it is rather some kind of abstract in case of a semantical error like this. I think it should be clarified by the spec what to do. Thomas Krille Softwareentwicklung tarent solutions GmbH Telefon +49 (0) 30 138803-128 Telefax +49 (0) 228 54881-235 t.krille@tarent.de Rochusstra=C3=9Fe 2-4, D-53123 Bonn =E2=80=A2 http://www.tarent.de/ Tel: +49 228 54881-0 =E2=80=A2 Fax: +49 228 54881-235 HRB AG Bonn 5168 =E2=80=A2 USt-ID (VAT): DE122264941 Gesch=C3=A4ftsf=C3=BChrer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Ale= xander Steeg --047d7b3a9b4c3b24ce04f0685e68 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
2014/1/20 Julian Reschke=C2=A0<= span dir=3D"ltr"><julian.reschke@gmx.de>
A 4xx makes sense. 409 does not really ("The 409 (Conflict) status cod= e indicates that the request could not be completed due to a conflict with = the current state of the target resource.").

422 might be appli= cable.

422 would b= e nice, but it is defined by the WebDAV HTTP extensions, that do not apply = here (we don't make no WebDAV). 400 seems to be the only valid choice, = though it is rather some kind of abstract in case of a semantical error lik= e this. I think it should be clarified by the spec what to do.

Thomas K= rille
Softwareentwicklung
tarent solutions GmbH

Telefon +49 (0= ) 30 138803-128
Telefax +49 (0) 228 54881-235
t.krille@tarent.de

Rochusstra=C3=9Fe 2-4, D-53123 Bonn =E2=80=A2=C2=A0http://www.tarent.de/
Tel: +49 228 5= 4881-0 =E2=80=A2 Fax: +49 228 54881-235
HRB AG Bonn 5168 =E2=80=A2 USt-I= D (VAT): DE122264941
Gesch=C3=A4ftsf=C3=BChrer: Dr. Stefan Barth, Kai Eb= enrett, Boris Esser, Alexander Steeg
--047d7b3a9b4c3b24ce04f0685e68-- From julian.reschke@gmx.de Mon Jan 20 07:20:23 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EA4901A01A3 for ; Mon, 20 Jan 2014 07:20:23 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LfSsvdVG-jDY for ; Mon, 20 Jan 2014 07:20:23 -0800 (PST) Received: from mout.gmx.net (mout.gmx.net [212.227.17.21]) by ietfa.amsl.com (Postfix) with ESMTP id AD4571A019D for ; Mon, 20 Jan 2014 07:20:22 -0800 (PST) Received: from [192.168.1.102] ([217.91.35.233]) by mail.gmx.com (mrgmx102) with ESMTPSA (Nemesis) id 0MVayZ-1Vp2y10jux-00Z2Xk for ; Mon, 20 Jan 2014 16:20:22 +0100 Message-ID: <52DD3EB5.4020908@gmx.de> Date: Mon, 20 Jan 2014 16:20:21 +0100 From: Julian Reschke User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: Thomas Krille , "scim@ietf.org" References: <52DCDA62.3060600@gmx.de> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Provags-ID: V03:K0:GmS1sxvfAW5wiZAXK7ktkklaIbXilW9RPDyhND3ifJMKtkiHsa9 vTyekKyTlGadW9VU5egjPGMZm4b0hhsPBrJrKPPr6q/kbjArvg/kuQ89CXcoVxbBvJO4tF3 /h0+wFIIH0GX/OCbdT7kpN9LWT6UgjHfIl8osXgdJMvzy8Yxq4CRJEHoTFzeHtF+ZypneH7 XpzUs9CXYF5He/IHwIctA== Subject: Re: [scim] multiple multi valued attributes set to primary = true X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Jan 2014 15:20:24 -0000 On 2014-01-20 16:15, Thomas Krille wrote: > 2014/1/20 Julian Reschke > > > A 4xx makes sense. 409 does not really ("The 409 (Conflict) status > code indicates that the request could not be completed due to a > conflict with the current state of the target resource."). > > 422 might be applicable. > > > 422 would be nice, but it is defined by the WebDAV HTTP extensions, that > do not apply here (we don't make no WebDAV). 400 seems to be the only The status code can be used independently of WebDAV (check the definition). There's a reason why we have a protocol-independent registry of status codes, after all. > ... Best regards, Julian From randomshelley@gmail.com Mon Jan 20 08:15:53 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C1541A01BD for ; Mon, 20 Jan 2014 08:15:53 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g3frmLEusPEc for ; Mon, 20 Jan 2014 08:15:50 -0800 (PST) Received: from mail-ie0-x234.google.com (mail-ie0-x234.google.com [IPv6:2607:f8b0:4001:c03::234]) by ietfa.amsl.com (Postfix) with ESMTP id 4E2C51A01B5 for ; Mon, 20 Jan 2014 08:15:50 -0800 (PST) Received: by mail-ie0-f180.google.com with SMTP id at1so5318695iec.25 for ; Mon, 20 Jan 2014 08:15:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=SliCPSHN4fKLuevUeq/7rbAiW0RwXsT3luph67DxKpE=; b=JmuC7kFivR/kogSUKsBPLuIIZQECTfr88e9TVsdn3otjW7uYVfT+FUS36wlLcM/aBf wK2KzMt+EN4+BGEY8MhvEFM3+9ZSaqvuJWvSVpo1mIdg2cbi5t5eG7Q+M/YBJIP3PyN+ 3Yp7S+HcyCBxGN6PG5J1CjK12IJW6JhTpLw57ac3EFhbHEU2F3EJ3bC7g55SWHdBQvf4 BtgWdTT7rTzD7UPr7l9BHh8oUGHFtWtwuGBHNzKNtDWuXtbOnUWR8jdI8pU0ZiivXA+X LAm8Lgtq5WlJuBKRQRyXOXkia9wEmy1bD9nJoHYrGwezU5WgrhzNgmW6NqeRXt3M+VHE v1+Q== MIME-Version: 1.0 X-Received: by 10.50.232.9 with SMTP id tk9mr13236365igc.27.1390234550272; Mon, 20 Jan 2014 08:15:50 -0800 (PST) Received: by 10.64.28.139 with HTTP; Mon, 20 Jan 2014 08:15:50 -0800 (PST) Date: Mon, 20 Jan 2014 10:15:50 -0600 Message-ID: From: Shelley To: "scim@ietf.org" Content-Type: multipart/alternative; boundary=f46d042c63a586bdc804f0693464 Subject: [scim] multiple multi valued attributes set to primary = true X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Jan 2014 16:15:53 -0000 --f46d042c63a586bdc804f0693464 Content-Type: text/plain; charset=ISO-8859-1 Note that this was previously discussed briefly in this thread [1] as well. +1 to failing with a *400 Bad Request *if multiple "true" primary values are provided. -1 to 409. This status is generally used to indicate a conflict with an existing resource on the server. In this case, the resource itself is not duplicated; just bad attributes within the resource are provided (i.e. it is a bad request which violates schema, rather than a conflict which duplicates a resource). -1 to 422. Although this status code may be appropriate, the SCIM spec *already uses 400s *for the general purpose of indicating bad requests from the client, not only limited to invalid syntax (i.e. bad requests) but also invalid semantics (i.e. unprocessable entities) [2]. For what it's worth, In our current SCIM 1.1 SP implementation, we are using 400s for this condition. [1] http://www.ietf.org/mail-archive/web/scim/current/msg01057.html [2] http://www.simplecloud.info/specs/draft-scim-api-01.html ---------- Forwarded message ---------- > From: Julian Reschke > To: Thomas Krille , "scim@ietf.org" > Cc: > Date: Mon, 20 Jan 2014 16:20:21 +0100 > Subject: Re: [scim] multiple multi valued attributes set to primary = true > On 2014-01-20 16:15, Thomas Krille wrote: > >> 2014/1/20 Julian Reschke > > >> >> A 4xx makes sense. 409 does not really ("The 409 (Conflict) status >> code indicates that the request could not be completed due to a >> conflict with the current state of the target resource."). >> >> 422 might be applicable. >> >> >> 422 would be nice, but it is defined by the WebDAV HTTP extensions, that >> do not apply here (we don't make no WebDAV). 400 seems to be the only >> > > The status code can be used independently of WebDAV (check the > definition). There's a reason why we have a protocol-independent registry > of status codes, after all. > > ... >> > > Best regards, Julian > --f46d042c63a586bdc804f0693464 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
Note that this was previously discussed briefly = in this thread [1] as well.

+1 to failing with a 400 Bad Request = if multiple "true" primary values are provided.

-1 to 409. This status is generally used to=20 indicate a conflict with an existing resource on the server. In this=20 case, the resource itself is not duplicated; just bad attributes within=20 the resource are provided (i.e. it is a bad request which violates=20 schema, rather than a conflict which duplicates a resource).

-= 1 to 422. Although this status code may be appropriate, the SCIM spec al= ready uses 400s for the general purpose of indicating bad requests from= the client, not only limited to invalid syntax (i.e. bad requests) but als= o invalid semantics (i.e. unprocessable entities) [2].

For what it's worth, In our current SCIM 1.1 SP implementation, we = are using 400s for this condition.

[1] http://www.ietf.org/mail-archive/web/scim/current/ms= g01057.html
[2] http://www.simplecloud.info/specs/draft-scim-api-01.html

---------- Forwarded message ----------
From:=A0Julian Reschke <= ;julian.reschke@= gmx.de>
To:=A0Thomas Krille <t.krille@tarent.de>, "scim@ietf.org" <scim@ietf.org>
Cc:=A0
Date:=A0Mon, 20 Jan 2014 16:20:21 +0100
Subject:=A0Re: [scim] = multiple multi valued attributes set to primary =3D true
On 2014-01-20 1= 6:15, Thomas Krille wrote:
2014/1/20 Julian Reschke <julian.reschke@gmx.de
<mailto:julia= n.reschke@gmx.de>>

=A0 =A0 A 4xx makes sense. 409 does not really ("The 409 (Conflict) st= atus
=A0 =A0 code indicates that the request could not be completed due to a
=A0 =A0 conflict with the current state of the target resource.").

=A0 =A0 422 might be applicable.


422 would be nice, but it is defined by the WebDAV HTTP extensions, that do not apply here (we don't make no WebDAV). 400 seems to be the only

The status code can be used independently of WebDAV (check the definition).= There's a reason why we have a protocol-independent registry of status= codes, after all.

...

Best regards, Julian
--f46d042c63a586bdc804f0693464-- From julian.reschke@gmx.de Mon Jan 20 08:26:31 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AD9761A01BF for ; Mon, 20 Jan 2014 08:26:31 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FLB7Fj1mEI-Y for ; Mon, 20 Jan 2014 08:26:30 -0800 (PST) Received: from mout.gmx.net (mout.gmx.net [212.227.17.21]) by ietfa.amsl.com (Postfix) with ESMTP id 129121A01A5 for ; Mon, 20 Jan 2014 08:26:30 -0800 (PST) Received: from [192.168.1.102] ([217.91.35.233]) by mail.gmx.com (mrgmx103) with ESMTPSA (Nemesis) id 0MKHik-1W4jBL3NNm-001mln for ; Mon, 20 Jan 2014 17:26:29 +0100 Message-ID: <52DD4E34.4080308@gmx.de> Date: Mon, 20 Jan 2014 17:26:28 +0100 From: Julian Reschke User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: Shelley , "scim@ietf.org" References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Provags-ID: V03:K0:kreNci93IzJFvYTJEoTcoD9vtJrsYMJ/jBkyL8Ak5cMUC3AIlF+ P56zsemtXjv9zrIaBpjRmLr0BzHWFPvm3ZqPDWq8UBYcM1YGf2OrSw7uaBEHVk1JhnQFg7K Nz5x6SOj4ZfOqA9+IH1OV5xJeMJ8K8BCyOakZMEQYMKEUBudHieeg4xKHz6HSPxWb7RnDrj qEXEmB78p3fusAd2liaag== Subject: Re: [scim] multiple multi valued attributes set to primary = true X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Jan 2014 16:26:31 -0000 On 2014-01-20 17:15, Shelley wrote: > Note that this was previously discussed briefly in this thread [1] as well. > > +1 to failing with a *400 Bad Request *if multiple "true" primary values > are provided. Yes, it needs to be 400 or something more specific. > -1 to 409. This status is generally used to indicate a conflict with an > existing resource on the server. In this case, the resource itself is > not duplicated; just bad attributes within the resource are provided > (i.e. it is a bad request which violates schema, rather than a conflict > which duplicates a resource). Correct, 409 is the wrong code if the message itself has a problem. > -1 to 422. Although this status code may be appropriate, the SCIM spec > /already uses 400s /for the general purpose of indicating bad requests > from the client, not only limited to invalid syntax (i.e. bad requests) > but also invalid semantics (i.e. unprocessable entities) [2]. Well, the same argument pro 422 applies to the other cases as well. And yes, consistency is good. Anyway, this is another example why profiling is bad. If somebody defines a more specific status code that would make sense but the spec already REQUIREs 400 you're screwed. > ... Best regards, Julian From kelly.grizzle@sailpoint.com Mon Jan 20 18:55:40 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13EE41A0017 for ; Mon, 20 Jan 2014 18:55:40 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.902 X-Spam-Level: X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T_0bXSJstX3z for ; Mon, 20 Jan 2014 18:55:38 -0800 (PST) Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1blp0185.outbound.protection.outlook.com [207.46.163.185]) by ietfa.amsl.com (Postfix) with ESMTP id 5FC731A000E for ; Mon, 20 Jan 2014 18:55:38 -0800 (PST) Received: from BN1PR04MB392.namprd04.prod.outlook.com (10.141.60.151) by BN1PR04MB389.namprd04.prod.outlook.com (10.141.60.140) with Microsoft SMTP Server (TLS) id 15.0.851.11; Tue, 21 Jan 2014 02:55:36 +0000 Received: from BN1PR04MB392.namprd04.prod.outlook.com ([169.254.10.75]) by BN1PR04MB392.namprd04.prod.outlook.com ([169.254.10.75]) with mapi id 15.00.0851.011; Tue, 21 Jan 2014 02:55:36 +0000 From: Kelly Grizzle To: Julian Reschke , "scim@ietf.org" Thread-Topic: [scim] draft-ietf-scim-api: use of PATCH with content-type application/json Thread-Index: AQHPE2acmZ88w8cvLUewU8GpqUDZjZqOgOfQ Date: Tue, 21 Jan 2014 02:55:35 +0000 Message-ID: <66366898d2c046feac67322455f87ef1@BN1PR04MB392.namprd04.prod.outlook.com> References: <52D8F7E5.9020603@gmx.de> In-Reply-To: <52D8F7E5.9020603@gmx.de> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [72.182.10.254] x-forefront-prvs: 0098BA6C6C x-forefront-antispam-report: SFV:NSPM; SFS:(10009001)(6009001)(13464003)(377454003)(189002)(51914003)(199002)(51856001)(81686001)(83072002)(81542001)(85852003)(80976001)(56776001)(56816005)(66066001)(80022001)(76482001)(90146001)(33646001)(76796001)(50986001)(53806001)(47976001)(69226001)(49866001)(19580405001)(86362001)(19580395003)(47446002)(83322001)(54356001)(47736001)(87266001)(59766001)(31966008)(74876001)(79102001)(2656002)(87936001)(81342001)(77982001)(15975445006)(92566001)(74662001)(76576001)(63696002)(76786001)(74316001)(74502001)(65816001)(74706001)(74366001)(81816001)(4396001)(46102001)(224303002)(93516002)(224313003)(77096001)(93136001)(54316002)(85306002)(24736002); DIR:OUT; SFP:1101; SCL:1; SRVR:BN1PR04MB389; H:BN1PR04MB392.namprd04.prod.outlook.com; CLIP:72.182.10.254; FPR:; RD:InfoNoRecords; MX:1; A:1; LANG:en; Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: sailpoint.com Subject: Re: [scim] draft-ietf-scim-api: use of PATCH with content-type application/json X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Jan 2014 02:55:40 -0000 Thanks for the pointer, Julian. The problem that I see with merge patch is= that is does not have any way to add/remove elements to/from arrays withou= t specifying the entire array value. This was one of the primary use cases= that drove SCIM to implement PATCH ... to be able to add or remove group m= embers on large groups without having to replace the entire list. This not= only leads to very large requests, but also can have concurrency problems = for groups that are modified often. --Kelly -----Original Message----- From: scim [mailto:scim-bounces@ietf.org] On Behalf Of Julian Reschke Sent: Friday, January 17, 2014 3:29 AM To: scim@ietf.org Subject: [scim] draft-ietf-scim-api: use of PATCH with content-type applica= tion/json Hi there, it seems that this draft uses application/json with a PATCH request.=20 However, there are no PATCH semantics defined for this type. You may want to have a look at draft-ietf-appsawg-json-merge-patch=20 (which defines a new type for this purpose). Best regards, Julian _______________________________________________ scim mailing list scim@ietf.org https://www.ietf.org/mailman/listinfo/scim From julian.reschke@gmx.de Tue Jan 21 00:01:41 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A06B1A0058 for ; Tue, 21 Jan 2014 00:01:41 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YKBti8QCaTIa for ; Tue, 21 Jan 2014 00:01:39 -0800 (PST) Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) by ietfa.amsl.com (Postfix) with ESMTP id 8F4601A0054 for ; Tue, 21 Jan 2014 00:01:39 -0800 (PST) Received: from [192.168.2.117] ([93.217.73.45]) by mail.gmx.com (mrgmx101) with ESMTPSA (Nemesis) id 0MWPOI-1VpcDY2S4Y-00XbkA for ; Tue, 21 Jan 2014 09:01:38 +0100 Message-ID: <52DE295E.2020704@gmx.de> Date: Tue, 21 Jan 2014 09:01:34 +0100 From: Julian Reschke User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: Kelly Grizzle , "scim@ietf.org" References: <52D8F7E5.9020603@gmx.de> <66366898d2c046feac67322455f87ef1@BN1PR04MB392.namprd04.prod.outlook.com> In-Reply-To: <66366898d2c046feac67322455f87ef1@BN1PR04MB392.namprd04.prod.outlook.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Provags-ID: V03:K0:2fk/ZWFwNAzqoxXh918lvjgdsR0OIaT/tNn0D58dY8/35sTUOO3 A15q7LCuzjtaa3sHt7dmP+dbqfKazcQIXMeSRMcdrsW1Lr1+5u8DfaagU34WD4sIedYjzjR VAyrbUq4bIhOk21ZRGPRtFlt/VY3K/DSVrsHXPsrn4gOTMJdMUYmHOb2dQTPiHRxojKiX5W texI0bXGVf0wHrmriSe5g== Subject: Re: [scim] draft-ietf-scim-api: use of PATCH with content-type application/json X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Jan 2014 08:01:41 -0000 On 2014-01-21 03:55, Kelly Grizzle wrote: > Thanks for the pointer, Julian. The problem that I see with merge patch is that is does not have any way to add/remove elements to/from arrays without specifying the entire array value. This was one of the primary use cases that drove SCIM to implement PATCH ... to be able to add or remove group members on large groups without having to replace the entire list. This not only leads to very large requests, but also can have concurrency problems for groups that are modified often. > > --Kelly Well, right now you're doing something outside the specs. This *will* be raised as a problem once you last-call the document anyway, so you'll have to deal with it sooner or later. An alternative format you can use is JSON Patch (http://tools.ietf.org/html/rfc6902). Best regards, Julian From julian.reschke@gmx.de Wed Jan 22 02:46:29 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A9191A0429 for ; Wed, 22 Jan 2014 02:46:29 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dCcFsdqVZ9VC for ; Wed, 22 Jan 2014 02:46:28 -0800 (PST) Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) by ietfa.amsl.com (Postfix) with ESMTP id 4D3BA1A0426 for ; Wed, 22 Jan 2014 02:46:28 -0800 (PST) Received: from [192.168.1.102] ([93.217.124.104]) by mail.gmx.com (mrgmx103) with ESMTPSA (Nemesis) id 0MEWxh-1W7q5D3sYz-00FkEu for ; Wed, 22 Jan 2014 11:46:26 +0100 Message-ID: <52DFA17F.8070305@gmx.de> Date: Wed, 22 Jan 2014 11:46:23 +0100 From: Julian Reschke User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: "scim@ietf.org WG" Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Provags-ID: V03:K0:D+tiCjRDd00hFvRNzCpvME/gh6osrtHs7homEtwec7rTafKEF5i N9g2PEW+R8p5N9tJOHk23K2aOy1FINWA23TXZf3tieFhfpF9Udm4bf3GfzYxAXvX2rdP1/e fohAbUkzAsGZXMdb4/Ut3uCP/1s/hi0AKZDtscMURaihkQkZEZSTP9U4b2Cm2p8cRHTKbuV Pf1p7KR3RJvWUxMSQIcNg== Subject: [scim] http://tools.ietf.org/html/draft-ietf-scim-api-02#section-3.12: "X-HTTP-Method-Override" X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Jan 2014 10:46:29 -0000 Hi there. I think it's problematic for a standards-track document to allow use of a header field that is not in the HTTP header field registry. If you really believe that is is needed (which I doubt) than you really ought to work on a separate spec that defines and registers it in the header field registry. Best regards, Julian From leifj@mnt.se Wed Jan 22 02:51:46 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 573661A0424 for ; Wed, 22 Jan 2014 02:51:46 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.6 X-Spam-Level: X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YDYgRqknuG0y for ; Wed, 22 Jan 2014 02:51:45 -0800 (PST) Received: from mail-we0-f170.google.com (mail-we0-f170.google.com [74.125.82.170]) by ietfa.amsl.com (Postfix) with ESMTP id A7E111A00A4 for ; Wed, 22 Jan 2014 02:51:44 -0800 (PST) Received: by mail-we0-f170.google.com with SMTP id u57so183156wes.15 for ; Wed, 22 Jan 2014 02:51:43 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=eliMfeiRpbyGtKfjr16CU475CTmGOHRTVduTFNvjp34=; b=iGptjyahkyRg1QG9pGQhx7pFt+eiw8dNM7KZYLsviOAQ4ZejVc4U0N82wWfitedQUQ 8H3+rGCHo8/JPvgNU9hs9KsBZsfjtV4SV7E7oZ/0oKwpQhsUmJ6v+Q3G8oz2XUnxQ4FU TYg9Q0Oq06JoO7zWySEoBouMnM5VLwFgQs0UOftGFWOQX+e5/PK9GOm8rfUpx0bl7b2f LRmhbaS/tHHKakp9ftToYXjilgVjSowfgF1JBC1ISDPm29GatKcgpDqmuhfv3/cP+Rxw iM766Wk+vZdn++ajvXhXC0BS2N3ehlrCU89z/lCrv1N5HQLZVkgr4JqKFuBp4Pq3dnmT ZUqw== X-Gm-Message-State: ALoCoQmg6QhsFX94zgkPvu5QUIBPxLG0pvkqRMSpiLXUSFFTWHb7n9CyVctonH4pxFNK6RtuOuOQ X-Received: by 10.194.142.142 with SMTP id rw14mr851414wjb.87.1390387903593; Wed, 22 Jan 2014 02:51:43 -0800 (PST) Received: from ?IPv6:2001:948:6:2:94e2:a82a:f7e8:34b9? ([2001:948:6:2:94e2:a82a:f7e8:34b9]) by mx.google.com with ESMTPSA id fo6sm17883535wib.7.2014.01.22.02.51.42 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 22 Jan 2014 02:51:42 -0800 (PST) Message-ID: <52DFA2BE.6080407@mnt.se> Date: Wed, 22 Jan 2014 11:51:42 +0100 From: Leif Johansson User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: scim@ietf.org References: <52DFA17F.8070305@gmx.de> In-Reply-To: <52DFA17F.8070305@gmx.de> X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: [scim] http://tools.ietf.org/html/draft-ietf-scim-api-02#section-3.12: "X-HTTP-Method-Override" X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Jan 2014 10:51:46 -0000 On 2014-01-22 11:46, Julian Reschke wrote: > Hi there. > > I think it's problematic for a standards-track document to allow use > of a header field that is not in the HTTP header field registry. > > If you really believe that is is needed (which I doubt) than you > really ought to work on a separate spec that defines and registers it > in the header field registry. > Thats an excellent point Julian. From phil.hunt@oracle.com Sat Jan 25 15:51:28 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0225F1A00B1 for ; Sat, 25 Jan 2014 15:51:28 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.736 X-Spam-Level: X-Spam-Status: No, score=-4.736 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.535, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dwSYrjO6u6h9 for ; Sat, 25 Jan 2014 15:51:26 -0800 (PST) Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) by ietfa.amsl.com (Postfix) with ESMTP id 47AE21A00AC for ; Sat, 25 Jan 2014 15:51:26 -0800 (PST) Received: from acsinet22.oracle.com (acsinet22.oracle.com [141.146.126.238]) by aserp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id s0PNpHW0023005 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Sat, 25 Jan 2014 23:51:19 GMT Received: from aserz7021.oracle.com (aserz7021.oracle.com [141.146.126.230]) by acsinet22.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s0PNpGA2023024 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sat, 25 Jan 2014 23:51:17 GMT Received: from abhmp0016.oracle.com (abhmp0016.oracle.com [141.146.116.22]) by aserz7021.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s0PNpGS9026918; Sat, 25 Jan 2014 23:51:16 GMT Received: from [25.9.2.165] (/24.114.54.187) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Sat, 25 Jan 2014 15:51:16 -0800 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable References: <52D984F8.8010204@gmx.de> <52DD2711.9040806@gmx.de> From: Phil Hunt Mime-Version: 1.0 (1.0) In-Reply-To: <52DD2711.9040806@gmx.de> Message-Id: <64F5F2C1-168C-4EF4-94AF-EFB3FF2D4ABF@oracle.com> Date: Sat, 25 Jan 2014 17:51:52 -0500 To: Julian Reschke X-Mailer: iPhone Mail (11B554a) X-Source-IP: acsinet22.oracle.com [141.146.126.238] Cc: "scim@ietf.org" , =?utf-8?Q?Erik_Wahlstr=C3=B6m?= , Matt Randall Subject: Re: [scim] HTTP Status code for successful DELETE X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 25 Jan 2014 23:51:28 -0000 Phil > On Jan 20, 2014, at 8:39, Julian Reschke wrote: >=20 >> On 2014-01-20 14:21, Erik Wahlstr=C3=B6m wrote: >> Hi, >>=20 >> I=E2=80=99ve been thinking about this for a while now and it feels like w= e >> already have started to profile HTTP. Even through I kinda like the >> concept of not messing with it. >>=20 >> An examples is that the spec define that a create should be a 201 >> Created. An un-profiled spec would also accept 100 Continue. Another >=20 > Yes and no. 100 Continue is not a final status. >=20 > And no, don't profile. Umm why or why not is ANY rest spec a profile of http? >=20 >> example is that a PATCH MUST return either 200 or 204 No Content >> according to the spec. >=20 > What if the PATCH request created a resource? In scim i am not aware of this possibility. Patch can only change attributes= of existing resources. That seems pretty consistent with a lot of rest approaches.=20 >=20 >> In the line of keeping it as simple as possible, an early and important >> design decision, to implement (even in very thin clients and in >> javascript), I think it=E2=80=99s important to define things like this ra= ther >> hard. That helps the clients always know what to expect. >=20 > That's exactly the wrong approach. You're basically inventing a profile wi= thout the need to do so. This has lots of disadvantages; for instance, you r= estrict yourself to HTTP libs/impls that you can control at that detail leve= l, the protocol gets harder to evolve, it becomes super-hard to have resourc= es implement multiple HTTP-based protocols at the same time, and furthermore= intermediaries might get in the way. See above regarding rest apis.=20 >=20 >> We talked a bit about response codes for DELETE before >> http://www.ietf.org/mail-archive/web/scim/current/msg01390.html >>=20 >> And we also have a ticket for it >> https://tools.ietf.org/wg/scim/trac/ticket/39 >>=20 >> I prefer to define that a server MUST return a 204 No Content on >> response to a successful DELETE request. That means, I=E2=80=99m pro prof= iling. >> ... >=20 > Don't. We've had this discussion multiple times in the APPS area already := -). >=20 > Best regards, Julian > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim From julian.reschke@gmx.de Sun Jan 26 01:40:31 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 328511A0121 for ; Sun, 26 Jan 2014 01:40:31 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vhsB5eUYBGRD for ; Sun, 26 Jan 2014 01:40:29 -0800 (PST) Received: from mout.gmx.net (mout.gmx.net [212.227.17.22]) by ietfa.amsl.com (Postfix) with ESMTP id 5C6441A0119 for ; Sun, 26 Jan 2014 01:40:27 -0800 (PST) Received: from [192.168.2.117] ([84.187.55.78]) by mail.gmx.com (mrgmx003) with ESMTPSA (Nemesis) id 0MLOMM-1W7uQt02CI-000b6G for ; Sun, 26 Jan 2014 10:40:25 +0100 Message-ID: <52E4D806.7010909@gmx.de> Date: Sun, 26 Jan 2014 10:40:22 +0100 From: Julian Reschke User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: Phil Hunt References: <52D984F8.8010204@gmx.de> <52DD2711.9040806@gmx.de> <64F5F2C1-168C-4EF4-94AF-EFB3FF2D4ABF@oracle.com> In-Reply-To: <64F5F2C1-168C-4EF4-94AF-EFB3FF2D4ABF@oracle.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Provags-ID: V03:K0:htWQ6IOxar9QcHNTXl+Vha4QJ9r3DdqkLOsbD9lRlwa8HigjVf8 WjzdEeDbb4LVA74mSq7Qi+galMst5GOX2ifswPTw9ZEA9fXHQtXk7yRXdQQLkDe/x/JxL5y wt0FYszR2wiLjWqxBTDlk/018RG5UPvE09rDHK75Jp+eaWoy1WdmOqFJyPtmPSIoNmckp6i MVuEY8zHiIBERwnvyDwnw== Cc: "scim@ietf.org" , =?UTF-8?B?RXJpayBXYWhsc3Ryw7Zt?= , Matt Randall Subject: Re: [scim] HTTP Status code for successful DELETE X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 26 Jan 2014 09:40:31 -0000 On 2014-01-25 23:51, Phil Hunt wrote: >> On Jan 20, 2014, at 8:39, Julian Reschke wrote: >> >>> On 2014-01-20 14:21, Erik Wahlström wrote: >>> Hi, >>> >>> I’ve been thinking about this for a while now and it feels like we >>> already have started to profile HTTP. Even through I kinda like the >>> concept of not messing with it. >>> >>> An examples is that the spec define that a create should be a 201 >>> Created. An un-profiled spec would also accept 100 Continue. Another >> >> Yes and no. 100 Continue is not a final status. >> >> And no, don't profile. > > Umm why or why not is ANY rest spec a profile of http? There are different layers that can be profiled. > ... > In scim i am not aware of this possibility. Patch can only change attributes of existing resources. > ... Attributes of? But yes, if PATCH never creates a resource than a 201 will not be returned. However the same isn't necessarily true for new 2xx codes. > ... Best regards, Julian From phil.hunt@oracle.com Sun Jan 26 09:36:46 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2CF431A000A for ; Sun, 26 Jan 2014 09:36:46 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.736 X-Spam-Level: X-Spam-Status: No, score=-4.736 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.535, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uv3_QWCrISlj for ; Sun, 26 Jan 2014 09:36:44 -0800 (PST) Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) by ietfa.amsl.com (Postfix) with ESMTP id 3D6FE1A0004 for ; Sun, 26 Jan 2014 09:36:43 -0800 (PST) Received: from ucsinet22.oracle.com (ucsinet22.oracle.com [156.151.31.94]) by aserp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id s0QHabn1014753 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Sun, 26 Jan 2014 17:36:38 GMT Received: from userz7022.oracle.com (userz7022.oracle.com [156.151.31.86]) by ucsinet22.oracle.com (8.14.5+Sun/8.14.5) with ESMTP id s0QHaZps001919 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 26 Jan 2014 17:36:35 GMT Received: from abhmp0004.oracle.com (abhmp0004.oracle.com [141.146.116.10]) by userz7022.oracle.com (8.14.5+Sun/8.14.4) with ESMTP id s0QHaZDh001904; Sun, 26 Jan 2014 17:36:35 GMT Received: from [192.168.1.125] (/24.86.29.34) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Sun, 26 Jan 2014 09:36:35 -0800 References: <52D984F8.8010204@gmx.de> <52DD2711.9040806@gmx.de> <64F5F2C1-168C-4EF4-94AF-EFB3FF2D4ABF@oracle.com> <52E4D806.7010909@gmx.de> Mime-Version: 1.0 (1.0) In-Reply-To: <52E4D806.7010909@gmx.de> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Message-Id: <7E3CB0D9-131E-4794-9812-E0ACD3D20A69@oracle.com> X-Mailer: iPhone Mail (11B554a) From: Phil Hunt Date: Sun, 26 Jan 2014 09:36:29 -0800 To: Julian Reschke X-Source-IP: ucsinet22.oracle.com [156.151.31.94] Cc: "scim@ietf.org" , =?utf-8?Q?Erik_Wahlstr=C3=B6m?= , Matt Randall Subject: Re: [scim] HTTP Status code for successful DELETE X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 26 Jan 2014 17:36:46 -0000 It seems to me that SCIM as a REST API that is a highly profiled layer on to= p of HTTP in both API and common attribute and object schema. The objective o= f which is specificity to create highly interoperable cross domain communica= tion of well specified objects.=20 I agree that at no time should SCIM conflict with the http layer. However, f= or items that remain unspecified or unclear (eg redirects and use of some re= sult codes), the spec should be sufficiently specific to achieve interop and= no more.=20 Based on some of your comments, we might need to register new codes -- parti= cularly for attribute level issues. My guess is resource issues are well spe= cified by http. Your comment about http patch is interesting in this regard.= =20 Phil > On Jan 26, 2014, at 1:40, Julian Reschke wrote: >=20 > On 2014-01-25 23:51, Phil Hunt wrote: >>> On Jan 20, 2014, at 8:39, Julian Reschke wrote: >>>=20 >>>> On 2014-01-20 14:21, Erik Wahlstr=C3=B6m wrote: >>>> Hi, >>>>=20 >>>> I=E2=80=99ve been thinking about this for a while now and it feels like= we >>>> already have started to profile HTTP. Even through I kinda like the >>>> concept of not messing with it. >>>>=20 >>>> An examples is that the spec define that a create should be a 201 >>>> Created. An un-profiled spec would also accept 100 Continue. Another >>>=20 >>> Yes and no. 100 Continue is not a final status. >>>=20 >>> And no, don't profile. >>=20 >> Umm why or why not is ANY rest spec a profile of http? >=20 > There are different layers that can be profiled. >=20 >> ... >> In scim i am not aware of this possibility. Patch can only change attribu= tes of existing resources. >> ... >=20 > Attributes of? >=20 > But yes, if PATCH never creates a resource than a 201 will not be returned= . However the same isn't necessarily true for new 2xx codes. >=20 >> ... >=20 > Best regards, Julian >=20 From phil.hunt@oracle.com Mon Jan 27 14:20:25 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B5D0E1A038C for ; Mon, 27 Jan 2014 14:20:25 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.735 X-Spam-Level: X-Spam-Status: No, score=-4.735 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.535, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j1EXQnVpgmmw for ; Mon, 27 Jan 2014 14:20:24 -0800 (PST) Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) by ietfa.amsl.com (Postfix) with ESMTP id ED12E1A0270 for ; Mon, 27 Jan 2014 14:20:23 -0800 (PST) Received: from ucsinet21.oracle.com (ucsinet21.oracle.com [156.151.31.93]) by aserp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id s0RMKKER007800 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Mon, 27 Jan 2014 22:20:21 GMT Received: from userz7021.oracle.com (userz7021.oracle.com [156.151.31.85]) by ucsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s0RMKK1J004741 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for ; Mon, 27 Jan 2014 22:20:20 GMT Received: from abhmp0018.oracle.com (abhmp0018.oracle.com [141.146.116.24]) by userz7021.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s0RMKJoh004731 for ; Mon, 27 Jan 2014 22:20:19 GMT Received: from [192.168.1.124] (/24.86.29.34) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 27 Jan 2014 14:20:19 -0800 From: Phil Hunt Content-Type: multipart/alternative; boundary="Apple-Mail=_3F5321E3-CB08-4EB0-9547-370B4AACBC91" Message-Id: <8F645895-D33F-4FDA-BF24-E6A1F83B9096@oracle.com> Date: Mon, 27 Jan 2014 14:20:15 -0800 To: "scim@ietf.org WG" Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\)) X-Mailer: Apple Mail (2.1510) X-Source-IP: ucsinet21.oracle.com [156.151.31.93] Subject: [scim] Ticket updates X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Jan 2014 22:20:25 -0000 --Apple-Mail=_3F5321E3-CB08-4EB0-9547-370B4AACBC91 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii On consultation with Leif, I took the opportunity to close some tickets = as duplicate or won't fix. These items were all discussed at IETF88 and = more recently in the spread sheet I sent around. If you have any objections to these closures, please let me know. Happy = to re-open! I'm now ploughing through the tickets where we had proposals at IETF88 = and good discussion or have matured well within the tickets themselves. = These updates are all marked as for "Draft 03" in the spreadsheet. The = text going into the documents follows the proposals with minor updates = from discussions at IETF88 and editorial clarification only.=20 FWIW. Best way to add more discussion is to make a comment on the list = or to the tickets themselves (which automatically cross-post to the = list). Phil @independentid www.independentid.com phil.hunt@oracle.com --Apple-Mail=_3F5321E3-CB08-4EB0-9547-370B4AACBC91 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii On = consultation with Leif, I took the opportunity to close some tickets as = duplicate or won't fix. These items were all discussed at IETF88 and = more recently in the spread sheet I sent around.

If = you have any objections to these closures, please let me know. Happy to = re-open!

I'm now ploughing through the tickets = where we had proposals at IETF88 and good discussion or have matured = well within the tickets themselves.  These updates are all marked = as for "Draft 03" in the spreadsheet.  The text going into the = documents follows the proposals with minor updates from discussions at = IETF88 and editorial clarification = only. 

FWIW. Best way to add more = discussion is to make a comment on the list or to the tickets themselves = (which automatically cross-post to the = list).

= --Apple-Mail=_3F5321E3-CB08-4EB0-9547-370B4AACBC91-- From d.moebius@tarent.de Wed Jan 29 01:20:00 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E35961A0364 for ; Wed, 29 Jan 2014 01:20:00 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.977 X-Spam-Level: X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mTGgRa2Vcwwl for ; Wed, 29 Jan 2014 01:19:59 -0800 (PST) Received: from mail-pa0-f70.google.com (mail-pa0-f70.google.com [209.85.220.70]) by ietfa.amsl.com (Postfix) with ESMTP id 13F671A02A6 for ; Wed, 29 Jan 2014 01:19:58 -0800 (PST) Received: by mail-pa0-f70.google.com with SMTP id kq14so3540734pab.9 for ; Wed, 29 Jan 2014 01:19:56 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:date:message-id:subject:from:to :content-type; bh=EpF+3sCPEnmnf63xVfxTxVA3+Pw0Nt4A2u7YlYXXRwE=; b=l+DOL5SbOa95CATDL00rFn1eKUuxszHwPeTxkfN8kuSs3OTmILM/YR+stGd9MHyuuE wBDWmCCHOF5A7X37o4gVpHOjW5KKczy0wP8RcuC6Oba4EOcggG0eUvmwPfJQfeDjMRqb UWH8i+ediX2sEhCTrriBpvZjXppxV+DHaKwZsjUdyM20+y7E6McfFr7bnh/uWDVlrDAf llmPCxz8gKc6YEOT/MY0y64gud4ziZYkVMMmRXEb8TD4OUposAFlaPv+oNrZAwqLr0jk Q7qHj6W/ck8PeffZI/GXGJdi6HnL4tDnJXtuAABWBz8180vmp8dR1XTR7eVeYtNl+P+h F65Q== X-Gm-Message-State: ALoCoQmPxkBmJGgxSHSKi1EMsRTqaUCUsAnygXpdx1L7WmI7fsONKkZSFdJFSeS38GIgaXpBYutD MIME-Version: 1.0 X-Received: by 10.66.139.169 with SMTP id qz9mr6976213pab.16.1390987196146; Wed, 29 Jan 2014 01:19:56 -0800 (PST) Received: by 10.66.67.41 with HTTP; Wed, 29 Jan 2014 01:19:56 -0800 (PST) Date: Wed, 29 Jan 2014 10:19:56 +0100 Message-ID: From: David Moebius To: "scim@ietf.org" Content-Type: multipart/alternative; boundary=047d7b5d86b5b6bfc004f1187197 Subject: [scim] photo MUST be an url to an image X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Jan 2014 09:20:01 -0000 --047d7b5d86b5b6bfc004f1187197 Content-Type: text/plain; charset=ISO-8859-1 Hi, in http://tools.ietf.org/html/draft-ietf-scim-core-schema-02#section-6.2(photos) you write the String given MUST be an image e.g. a GIF, JPEG, or PNG image file. I would say it is dangerous only to allow these 3 file types. First of all a lot of other fileformats exist and it could be that tomorrow a great new file format is invented that everyone would like to use. Because of this I don't want to force the client to provide a String that ends with e.g. .jpg My problem is how I should be sure that the String given really points to an image. I also don't want to call the provided address and retrieve the image. For this I would like to allow every String as "picture" and the client itsself has to care about if it is a picture or not. What do you think about this? David --047d7b5d86b5b6bfc004f1187197 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
Hi,

in=A0http://tools.ietf.org/h= tml/draft-ietf-scim-core-schema-02#section-6.2 (photos) you write the S= tring given MUST be an image e.g. a GIF, JPEG, or PNG image file.
I would say it is dangerous only to allow these 3 file types. First of= all a lot of other fileformats exist and it could be that tomorrow a great= new file format is invented that everyone would like to use.

Because of this I don't want to force the client to prov= ide a String that ends with e.g. .jpg

My problem i= s how I should be sure that the String given really points to an image. I a= lso don't want to call the provided address and retrieve the image.

For this I would like to allow every String as "pi= cture" and the client itsself has to care about if it is a picture or = not.

What do you think about this?

David
--047d7b5d86b5b6bfc004f1187197-- From t.krille@tarent.de Wed Jan 29 04:27:40 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C33781A043E for ; Wed, 29 Jan 2014 04:27:40 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.522 X-Spam-Level: X-Spam-Status: No, score=0.522 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, J_CHICKENPOX_54=0.6, RCVD_IN_DNSWL_LOW=-0.7] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P-GB1FS6PpMf for ; Wed, 29 Jan 2014 04:27:39 -0800 (PST) Received: from mail-ea0-f198.google.com (mail-ea0-f198.google.com [209.85.215.198]) by ietfa.amsl.com (Postfix) with ESMTP id C523A1A0360 for ; Wed, 29 Jan 2014 04:27:38 -0800 (PST) Received: by mail-ea0-f198.google.com with SMTP id h14so3471893eaj.1 for ; Wed, 29 Jan 2014 04:27:35 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to :content-type; bh=T4h9FgK+85Gqi+FB/eacqBJSAnaUb24BRDP77wDhVzQ=; b=Sakw8MJCAVHjgcLC0wL9CENsmmuRGpNqrMc2bB2YX8O3nFnJrdcPERkBQTlsxGPBB+ Lkt4OTAaxaQHDoqyYjvxMz483ZNDLPOdFB+RTrbgU8M6vETFcOiDWEv4fxPGdf7OA1Zr FB3tT+mEdi+TdNt+fWLSBKxdLHGrR02n8XNfb0hAA+QiM3ZaDbtRmgWbb1q7tisej3LV novS/ObZwzTg3ZOPHppWt6XhwALHj50sBo/7lDlpLicw2z++JovdlqnOJ+R2yoeaLHqa nXQJF0Ed7Jn95oYGNvUEoIAKOpICqcYNfPmKj1VpGtEiK1ietQ/M4cT+APBo4AasovEB zZyA== X-Gm-Message-State: ALoCoQmyc511wDlsP9EbjEwuuhOAm7bNzEdeRE53hfE3o0988l1HAhb12jcQwBRXTmNpihXKh2To X-Received: by 10.180.210.171 with SMTP id mv11mr5589476wic.44.1390998454994; Wed, 29 Jan 2014 04:27:34 -0800 (PST) MIME-Version: 1.0 Received: by 10.227.6.200 with HTTP; Wed, 29 Jan 2014 04:27:14 -0800 (PST) From: Thomas Krille Date: Wed, 29 Jan 2014 13:27:14 +0100 Message-ID: To: "scim@ietf.org" Content-Type: multipart/alternative; boundary=001a11c25d36cb247c04f11b10ee Subject: [scim] Question regarding roles.type X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Jan 2014 12:27:41 -0000 --001a11c25d36cb247c04f11b10ee Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hello, the current SCIM schema defines the type sub-attribute for entitlements multi-valued attribute as "useful as a means to scope entitlements" ( http://tools.ietf.org/html/draft-ietf-scim-core-schema-02#section-6.2). Thinking about this, I realized that the roles multi-valued attribute could benefit from such kind of type sub-attribute, too. Are there any plans to specify the type sub-attribute for roles with the same semantics as in entitlements? Or are there considerations against doing so? The specification just says "This value has NO canonical types". Kind regards Thomas Krille Softwareentwicklung tarent solutions GmbH Telefon +49 (0) 30 138803-128 Telefax +49 (0) 228 54881-235 t.krille@tarent.de Rochusstra=C3=9Fe 2-4, D-53123 Bonn =E2=80=A2 http://www.tarent.de/ Tel: +49 228 54881-0 =E2=80=A2 Fax: +49 228 54881-235 HRB AG Bonn 5168 =E2=80=A2 USt-ID (VAT): DE122264941 Gesch=C3=A4ftsf=C3=BChrer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Ale= xander Steeg --001a11c25d36cb247c04f11b10ee Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Hello,

the current SCIM schema defines = the type sub-attribute for entitlements multi-valued attribute as "useful as a means=C2=A0<= span style=3D"font-size:1em;color:rgb(0,0,0)">to scope entitlements&= quot; (http://tools.ietf.org/html/draft-ietf-scim-core-schema-02#sec= tion-6.2). Thinking about this, I realized that the roles multi-valued = attribute could benefit from such kind of type sub-attribute, too. Are ther= e any plans to specify the type sub-attribute for roles with the same seman= tics as in entitlements? Or are there considerations against doing so? The = specification just says=C2=A0"This value=C2=A0has NO canonical types&q= uot;.

Kind regards

Thomas Krille
Softwareentwicklung
tarent solutions GmbH
<= br>Telefon +49 (0) 30 138803-128
Telefax +49 (0) 228 54881-235
t.krille@tarent.de
Rochusstra=C3=9Fe 2-4, D-53123 Bonn =E2=80=A2=C2=A0http://www.t= arent.de/
Tel: +49 228 54881-0 =E2=80=A2 Fax: +49 228 54881-235
H= RB AG Bonn 5168 =E2=80=A2 USt-ID (VAT): DE122264941
Gesch=C3=A4ftsf=C3=BChrer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Ale= xander Steeg
--001a11c25d36cb247c04f11b10ee-- From leifj@mnt.se Wed Jan 29 04:42:47 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C23E61A039C for ; Wed, 29 Jan 2014 04:42:47 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Yk1Vb58YnGIo for ; Wed, 29 Jan 2014 04:42:45 -0800 (PST) Received: from mail-la0-f48.google.com (mail-la0-f48.google.com [209.85.215.48]) by ietfa.amsl.com (Postfix) with ESMTP id 53EA41A02D2 for ; Wed, 29 Jan 2014 04:42:45 -0800 (PST) Received: by mail-la0-f48.google.com with SMTP id mc6so1403351lab.21 for ; Wed, 29 Jan 2014 04:42:41 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :subject:references:in-reply-to:content-type; bh=DizV0jzh3svrA1KI5jxXQbPoXcKYuk0a9qZIG7VTj0o=; b=Joa0UU4bF9Tkx5PBme6uC1OzS00jJ5y4r2iZD2c3hlGM++WcCz7Kt9kSoe170SIgOK eL6Q5DaFplFCZzuzQebTHcObIQc3wJplCwTaJ330+oHzZzYJZDXo2XugqGBOKHjRIeUN bqUWd74URSH+QwZ7lsOjSTMYSccrsIkCoCdD4erPSiyYDYvDafaSaktBQn3yO3yK/Ux+ HrxBK5qYGeqCSY5X/LC5c+SeIjO/i/fFPf7b/Cpx2W4n1LjXDBJHiWU2tQN+E6Pb4E5j DM0EwTJ3gTLojMUGX1/5SAjOOhnNNpDlhvHYyjDqLadVfQF6tt8ml3mKizH6v/wTNlvG ti+Q== X-Gm-Message-State: ALoCoQnGVPYq/jqTQnzBlkeizJ4/db30AOz8tlQNiZMVMYVhHLXPGD899t/mosqyCLqb2w3cV2tX X-Received: by 10.112.236.3 with SMTP id uq3mr5125919lbc.14.1390999361661; Wed, 29 Jan 2014 04:42:41 -0800 (PST) Received: from [109.105.104.157] (dhcp23.se-tug.nordu.net. [109.105.104.157]) by mx.google.com with ESMTPSA id w2sm3343040lad.4.2014.01.29.04.42.40 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 29 Jan 2014 04:42:41 -0800 (PST) Message-ID: <52E8F740.3060508@mnt.se> Date: Wed, 29 Jan 2014 13:42:40 +0100 From: Leif Johansson User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: scim@ietf.org References: In-Reply-To: X-Enigmail-Version: 1.6 Content-Type: multipart/alternative; boundary="------------020400080707030905040102" Subject: Re: [scim] photo MUST be an url to an image X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Jan 2014 12:42:48 -0000 This is a multi-part message in MIME format. --------------020400080707030905040102 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit On 2014-01-29 10:19, David Moebius wrote: > Hi, Not being the author but... > > in http://tools.ietf.org/html/draft-ietf-scim-core-schema-02#section-6.2 > (photos) you write the String given MUST be an image e.g. a GIF, JPEG, > or PNG image file. > I would say it is dangerous only to allow these 3 file types. First of > all a lot of other fileformats exist and it could be that tomorrow a > great new file format is invented that everyone would like to use. > it sais 'e.g.' because those are example formats, not a complete list. > Because of this I don't want to force the client to provide a String > that ends with e.g. .jpg > > My problem is how I should be sure that the String given really points > to an image. I also don't want to call the provided address and > retrieve the image. you can't unless you deref the URL and then content-type is your friend > > For this I would like to allow every String as "picture" and the > client itsself has to care about if it is a picture or not. we want valid URLs, not every type of string. This also includes things like RFC 2397 (data:image)... > > What do you think about this? > > David > > > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim --------------020400080707030905040102 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit
On 2014-01-29 10:19, David Moebius wrote:
Hi,
Not being the author but...

in http://tools.ietf.org/html/draft-ietf-scim-core-schema-02#section-6.2 (photos) you write the String given MUST be an image e.g. a GIF, JPEG, or PNG image file.
I would say it is dangerous only to allow these 3 file types. First of all a lot of other fileformats exist and it could be that tomorrow a great new file format is invented that everyone would like to use.

it sais 'e.g.' because those are example formats, not a complete list.
Because of this I don't want to force the client to provide a String that ends with e.g. .jpg

My problem is how I should be sure that the String given really points to an image. I also don't want to call the provided address and retrieve the image.
you can't unless you deref the URL and then content-type is your friend

For this I would like to allow every String as "picture" and the client itsself has to care about if it is a picture or not.
we want valid URLs, not every type of string. This also includes things like RFC 2397 (data:image)...

What do you think about this?

David


_______________________________________________
scim mailing list
scim@ietf.org
https://www.ietf.org/mailman/listinfo/scim

--------------020400080707030905040102-- From Chris.Phillips@canarie.ca Wed Jan 29 05:57:37 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D3311A0371 for ; Wed, 29 Jan 2014 05:57:37 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: 0.064 X-Spam-Level: X-Spam-Status: No, score=0.064 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, HTML_MESSAGE=0.001, J_CHICKENPOX_54=0.6, RP_MATCHES_RCVD=-0.535, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gCMSHBgBpR0c for ; Wed, 29 Jan 2014 05:57:33 -0800 (PST) Received: from canmail.canarie.ca (canmail.canarie.ca [205.189.33.17]) by ietfa.amsl.com (Postfix) with ESMTP id 344C01A02C8 for ; Wed, 29 Jan 2014 05:57:33 -0800 (PST) Received: from THUNDERCHIEF.canarie.local (192.168.1.17) by Thunderchief.canarie.local (192.168.1.17) with Microsoft SMTP Server (TLS) id 15.0.775.38; Wed, 29 Jan 2014 08:57:29 -0500 Received: from THUNDERCHIEF.canarie.local ([::1]) by Thunderchief.canarie.local ([::1]) with mapi id 15.00.0775.031; Wed, 29 Jan 2014 08:57:29 -0500 From: Chris Phillips To: "scim@ietf.org" Thread-Topic: [scim] Question regarding roles.type Thread-Index: AQHPHO2DEvPwqGrNtk6NKPiRqlsbAZqbujiA Date: Wed, 29 Jan 2014 13:57:28 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/14.3.9.131030 x-originating-ip: [192.168.1.95] Content-Type: multipart/alternative; boundary="_000_CF0E6DA417040Cchrisphillipscanarieca_" MIME-Version: 1.0 Subject: Re: [scim] Question regarding roles.type X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Jan 2014 13:57:37 -0000 --_000_CF0E6DA417040Cchrisphillipscanarieca_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi Thomas, I would like to draw your attention to ticket #11[1] in regards to your que= stion if you haven't already checked it out. For the other questions: Q: Are there any plans to specify the type sub-attribute for roles with the= same semantics as in entitlements? A: Not at this time AFAIK. Q: Or are there considerations against doing so? The specification just say= s "This value has NO canonical types". A: I think it's neutral against or for so keep it as is. The notion of sub-typing the attribute kicks it into complex attribute terr= itory which increases complexity rather than a simple multi-valued attribut= e. What I believe people are asking for when sub-typing either/or/both roles &= entitlements is some way to capture 'this is an XACML entitlement, not an = eduPerson Entitlement' or 'this is an application X role sub-type of 'subsc= riber' not Application Y role sub-type of 'subscriber' yes it is in the sam= e field so how do I prevent collisions on permissions since I want to use t= hat field for my application?. The original intent of role and entitlement can be found here[2] (2011) and= ultimately made it into the original spec as you see it. Having the three main variations of how controls are applied is to avoid h= ammering one model of 'control'(group vs role vs entitlement) into another = just to transport it from A to B. The SCIM protocol remains neutral so that= anyone could use SCIM out of the box and not dilute their model by having = to transpose a role based policy structure into faux groups or entitlements= into groups. What I have seen happen is an exponential growth of groups i= n this regard and becomes nightmarish to navigate and manage. What would be helpful is to describe some real world use cases to support t= he notion of sub-typing. This will help us all to understand the larger pic= ture behind the questions. If you would like to see an example of entitlements in schema take a peek a= t eduPerson[3] Chris. [1] http://trac.tools.ietf.org/wg/scim/trac/ticket/11 [2] https://groups.google.com/d/msg/cloud-directory/bvpv9HBfdYQ/_8OMgELbSF4= J [3] http://software.internet2.edu/eduperson/internet2-mace-dir-eduperson-20= 1310.html#eduPersonEntitlement From: Thomas Krille > Date: Wednesday, 29 January, 2014 7:27 AM To: "scim@ietf.org" > Subject: [scim] Question regarding roles.type Hello, the current SCIM schema defines the type sub-attribute for entitlements mul= ti-valued attribute as "useful as a means to scope entitlements" (http://to= ols.ietf.org/html/draft-ietf-scim-core-schema-02#section-6.2). Thinking abo= ut this, I realized that the roles multi-valued attribute could benefit fro= m such kind of type sub-attribute, too. Are there any plans to specify the = type sub-attribute for roles with the same semantics as in entitlements? Or= are there considerations against doing so? The specification just says "Th= is value has NO canonical types". Kind regards Thomas Krille Softwareentwicklung tarent solutions GmbH Telefon +49 (0) 30 138803-128 Telefax +49 (0) 228 54881-235 t.krille@tarent.de Rochusstra=DFe 2-4, D-53123 Bonn * http://www.tarent.de/ Tel: +49 228 54881-0 * Fax: +49 228 54881-235 HRB AG Bonn 5168 * USt-ID (VAT): DE122264941 Gesch=E4ftsf=FChrer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander= Steeg --_000_CF0E6DA417040Cchrisphillipscanarieca_ Content-Type: text/html; charset="iso-8859-1" Content-ID: Content-Transfer-Encoding: quoted-printable
Hi Thomas,

I would like to draw your attention to ticket #11[1] in regards to you= r question if you haven't already checked it out.

For the other questions:

Q: Are there any plans to specify the type sub-attribute for roles wit= h the same semantics as in entitlements?

A: Not= at this time AFAIK.

Q: Or are there considerations against doing so? The specification jus= t says "This value has NO canonical types".

A: I t= hink it's neutral against or for so keep it as is.


The notion of sub-typing the attribute kicks it into complex attribute= territory which increases complexity rather than a simple multi-valued att= ribute.

What I believe people are asking for when sub-typing either/or/both ro= les & entitlements is some way to capture 'this is an XACML entitlement= , not an eduPerson Entitlement' or 'this is an application X role sub-type = of 'subscriber' not Application Y role sub-type of 'subscriber' yes it is in the same field so how do I prevent c= ollisions on permissions since I want to use that field for my application?= .

The original intent of role and entitlement can be found here[2] (2011= ) and ultimately made it into the original spec as you see it.

Having the three main variations of how controls are applied  is = to avoid hammering one model of 'control'(group vs role vs entitlement) int= o another just to transport it from A to B. The SCIM protocol remains neutr= al so that anyone could use SCIM out of the box and not dilute their model by having to transpose a role based = policy structure into faux groups or entitlements into groups.  What I= have seen happen is an exponential growth of groups in this regard and bec= omes nightmarish to navigate and manage.

What would be helpful is to describe some real world use cases to supp= ort the notion of sub-typing. This will help us all to understand the large= r picture behind the questions.

If you would like to see an example of entitlements in schema take a p= eek at eduPerson[3]

Chris.



From: Thomas Krille <t.krille@tarent.de>
Date: Wednesday, 29 January, 2014 7= :27 AM
To: "scim@ietf.org" <scim@i= etf.org>
Subject: [scim] Question regarding = roles.type

Hello,

the current SCIM schema defines the type sub-attribute for entitlement= s multi-valued attribute as "useful as a means to scope entitlements" (http://tools.ietf.org/ht= ml/draft-ietf-scim-core-schema-02#section-6.2). Thinking about this, I realized that the roles multi-valued attribute coul= d benefit from such kind of type sub-attribute, too. Are there any plans to= specify the type sub-attribute for roles with the same semantics as in ent= itlements? Or are there considerations against doing so? The specification just says "This value h= as NO canonical types".

Kind regards

Thomas Krille
Softwareentwicklung
tarent solutions GmbH

Telefon +49 (0) 30 138803-128
Telefax +49 (0) 228 54881-235
t.krille@tarent.de<= /a>

Rochusstra=DFe 2-4, D-53123 Bonn • http://www.tarent.de/=
Tel: +49 228 54881-0 • Fax: +49 228 54881-235
HRB AG Bonn 5168 • USt-ID (VAT): DE122264941
Gesch=E4ftsf=FChrer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander= Steeg
 --_000_CF0E6DA417040Cchrisphillipscanarieca_-- From phil.hunt@oracle.com Wed Jan 29 10:39:42 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B922A1A02C0 for ; Wed, 29 Jan 2014 10:39:42 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.416 X-Spam-Level: X-Spam-Status: No, score=-0.416 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, HTML_MESSAGE=0.001, J_CHICKENPOX_34=0.6, J_CHICKENPOX_54=0.6, J_CHICKENPOX_64=0.6, J_CHICKENPOX_65=0.6, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.535, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01, T_HTML_ATTACH=0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S_U4BYqDFBwj for ; Wed, 29 Jan 2014 10:39:36 -0800 (PST) Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) by ietfa.amsl.com (Postfix) with ESMTP id 2B0BF1A021B for ; Wed, 29 Jan 2014 10:39:36 -0800 (PST) Received: from acsinet22.oracle.com (acsinet22.oracle.com [141.146.126.238]) by aserp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id s0TIdWt4023420 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Wed, 29 Jan 2014 18:39:33 GMT Received: from userz7021.oracle.com (userz7021.oracle.com [156.151.31.85]) by acsinet22.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s0TIdV4H008063 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for ; Wed, 29 Jan 2014 18:39:32 GMT Received: from abhmp0012.oracle.com (abhmp0012.oracle.com [141.146.116.18]) by userz7021.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s0TIdUjQ018160 for ; Wed, 29 Jan 2014 18:39:30 GMT Received: from [192.168.1.124] (/24.86.29.34) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 29 Jan 2014 10:39:28 -0800 From: Phil Hunt Content-Type: multipart/alternative; boundary="Apple-Mail=_F15060F1-A50A-4F80-8097-B00477171096" Message-Id: Date: Wed, 29 Jan 2014 10:39:24 -0800 To: "scim@ietf.org WG" Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\)) X-Mailer: Apple Mail (2.1510) X-Source-IP: acsinet22.oracle.com [141.146.126.238] Subject: [scim] Some diffs current draft 03 work X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Jan 2014 18:39:42 -0000 --Apple-Mail=_F15060F1-A50A-4F80-8097-B00477171096 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=windows-1252 For the call today, please find attached the diffs so far for = work-in-progress on draft 03. For schema, tickets 9 (attribute = uniqueness), 10 (sensitivity/returnability), 35 (mutability of = attributes) have been added. For api, tickets 24 (filter negation), 49 = (missing ends-with filter), and 50 (complex-multi-value filters). Note, the language on these will still go through another round of = editing=85.this is just the first stab based on what was in the tickets. Comments appreciated. Phil @independentid www.independentid.com phil.hunt@oracle.com --Apple-Mail=_F15060F1-A50A-4F80-8097-B00477171096 Content-Type: multipart/mixed; boundary="Apple-Mail=_75CB9A25-1480-4E78-911F-FB40B58359C4" --Apple-Mail=_75CB9A25-1480-4E78-911F-FB40B58359C4 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=windows-1252 For = the call today, please find attached the diffs so far for = work-in-progress on draft 03.  For schema, tickets 9 (attribute = uniqueness), 10 (sensitivity/returnability), 35 (mutability of = attributes) have been added.  For api, tickets 24 (filter = negation), 49 (missing ends-with filter), and 50 (complex-multi-value = filters).

Note, the language on these will still go = through another round of editing=85.this is just the first stab based on = what was in the tickets.

Comments = appreciated.

= --Apple-Mail=_75CB9A25-1480-4E78-911F-FB40B58359C4 Content-Disposition: attachment; filename=draft-ietf-scim-core-schema-02-03.diff.txt.html Content-Type: text/html; name="draft-ietf-scim-core-schema-02-03.diff.txt.html" Content-Transfer-Encoding: 7bit Diff: draft-ietf-scim-core-schema-02.txt - draft-ietf-scim-core-schema-03.txt
< draft-ietf-scim-core-schema-02.txt   draft-ietf-scim-core-schema-03.txt >
skipping to change at page 1, line 13 skipping to change at page 1, line 13
Network Working Group C. Mortimore, Ed. Network Working Group C. Mortimore, Ed.
Internet-Draft Salesforce Internet-Draft Salesforce
Intended status: Standards Track P. Harding Intended status: Standards Track P. Harding
Expires: March 3, 2014 P. Madsen Expires: March 3, 2014 P. Madsen
Ping Ping
T. Drake T. Drake
UnboundID UnboundID
August 30, 2013 August 30, 2013
System for Cross-Domain Identity Management: Core Schema System for Cross-Domain Identity Management: Core Schema
draft-ietf-scim-core-schema-02 draft-ietf-scim-core-schema-03
Abstract Abstract
The System for Cross-Domain Identity Management (SCIM) specification The System for Cross-Domain Identity Management (SCIM) specification
is designed to make managing user identity in cloud based is designed to make managing user identity in cloud based
applications and services easier. The specification suite builds applications and services easier. The specification suite builds
upon experience with existing schemas and deployments, placing upon experience with existing schemas and deployments, placing
specific emphasis on simplicity of development and integration, while specific emphasis on simplicity of development and integration, while
applying existing authentication, authorization, and privacy models. applying existing authentication, authorization, and privacy models.
Its intent is to reduce the cost and complexity of user management Its intent is to reduce the cost and complexity of user management
skipping to change at page 2, line 49 skipping to change at page 2, line 49
5.1. Common Schema Attributes . . . . . . . . . . . . . . . . 8 5.1. Common Schema Attributes . . . . . . . . . . . . . . . . 8
5.2. "schemas" Attribute . . . . . . . . . . . . . . . . . . . 9 5.2. "schemas" Attribute . . . . . . . . . . . . . . . . . . . 9
6. SCIM User Schema . . . . . . . . . . . . . . . . . . . . . . 10 6. SCIM User Schema . . . . . . . . . . . . . . . . . . . . . . 10
6.1. Singular Attributes . . . . . . . . . . . . . . . . . . . 10 6.1. Singular Attributes . . . . . . . . . . . . . . . . . . . 10
6.2. Multi-valued Attributes . . . . . . . . . . . . . . . . . 12 6.2. Multi-valued Attributes . . . . . . . . . . . . . . . . . 12
7. SCIM Enterprise User Schema Extension . . . . . . . . . . . . 14 7. SCIM Enterprise User Schema Extension . . . . . . . . . . . . 14
8. SCIM Group Schema . . . . . . . . . . . . . . . . . . . . . . 15 8. SCIM Group Schema . . . . . . . . . . . . . . . . . . . . . . 15
9. Service Provider Configuration Schema . . . . . . . . . . . . 15 9. Service Provider Configuration Schema . . . . . . . . . . . . 15
10. Resource Type Schema . . . . . . . . . . . . . . . . . . . . 17 10. Resource Type Schema . . . . . . . . . . . . . . . . . . . . 17
11. Schema Schema . . . . . . . . . . . . . . . . . . . . . . . . 18 11. Schema Schema . . . . . . . . . . . . . . . . . . . . . . . . 18
12. JSON Representation . . . . . . . . . . . . . . . . . . . . . 20 12. JSON Representation . . . . . . . . . . . . . . . . . . . . . 21
12.1. Minimal User Representation . . . . . . . . . . . . . . 20 12.1. Minimal User Representation . . . . . . . . . . . . . . 21
12.2. Full User Representation . . . . . . . . . . . . . . . . 20 12.2. Full User Representation . . . . . . . . . . . . . . . . 21
12.3. Enterprise User Extension Representation . . . . . . . . 23 12.3. Enterprise User Extension Representation . . . . . . . . 24
12.4. Group Representation . . . . . . . . . . . . . . . . . . 26 12.4. Group Representation . . . . . . . . . . . . . . . . . . 27
12.5. Service Provider Configuration Representation . . . . . 27 12.5. Service Provider Configuration Representation . . . . . 28
12.6. Resource Type Representation . . . . . . . . . . . . . . 28 12.6. Resource Type Representation . . . . . . . . . . . . . . 29
12.7. Schema Representation . . . . . . . . . . . . . . . . . 29 12.7. Schema Representation . . . . . . . . . . . . . . . . . 30
13. Security Considerations . . . . . . . . . . . . . . . . . . . 34 13. Security Considerations . . . . . . . . . . . . . . . . . . . 35
14. References . . . . . . . . . . . . . . . . . . . . . . . . . 34 14. References . . . . . . . . . . . . . . . . . . . . . . . . . 35
14.1. Normative References . . . . . . . . . . . . . . . . . . 0 14.1. Normative References . . . . . . . . . . . . . . . . . . 0
14.2. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 34 14.2. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Appendix A. Contributors . . . . . . . . . . . . . . . . . . . . 35 Appendix A. Contributors . . . . . . . . . . . . . . . . . . . . 36
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 35 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 36
1. Requirements Notation and Conventions 1. Requirements Notation and Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119] . document are to be interpreted as described in [RFC2119] .
Throughout this document, values are quoted to indicate that they are Throughout this document, values are quoted to indicate that they are
to be taken literally. When using these values in protocol messages, to be taken literally. When using these values in protocol messages,
the quotes MUST NOT be used as part of the value. the quotes MUST NOT be used as part of the value.
skipping to change at page 12, line 23 skipping to change at page 12, line 23
The following multi-valued attributes are defined. The following multi-valued attributes are defined.
emails E-mail addresses for the User. The value SHOULD be emails E-mail addresses for the User. The value SHOULD be
canonicalized by the Service Provider, e.g. bjensen@example.com canonicalized by the Service Provider, e.g. bjensen@example.com
instead of bjensen@EXAMPLE.COM. Canonical Type values of work, instead of bjensen@EXAMPLE.COM. Canonical Type values of work,
home, and other. home, and other.
phoneNumbers Phone numbers for the User. The value SHOULD be phoneNumbers Phone numbers for the User. The value SHOULD be
canonicalized by the Service Provider according to format in canonicalized by the Service Provider according to format in
RFC3966 [20] e.g. 'tel:+1-201-555-0123'. Canonical Type values of RFC3966 [20] e.g. 'tel:+1-201-555-0123'. Canonical Type values
work, home, mobile, fax, pager and other. of work, home, mobile, fax, pager and other.
ims Instant messaging address for the User. No official ims Instant messaging address for the User. No official
canonicalization rules exist for all instant messaging addresses, canonicalization rules exist for all instant messaging addresses,
but Service Providers SHOULD, when appropriate, remove all but Service Providers SHOULD, when appropriate, remove all
whitespace and convert the address to lowercase. Instead of the whitespace and convert the address to lowercase. Instead of the
standard Canonical Values for type, this attribute defines the standard Canonical Values for type, this attribute defines the
following Canonical Values to represent currently popular IM following Canonical Values to represent currently popular IM
services: aim, gtalk, icq, xmpp, msn, skype, qq, and yahoo. services: aim, gtalk, icq, xmpp, msn, skype, qq, and yahoo.
photos URL of a photo of the User. The value SHOULD be a photos URL of a photo of the User. The value SHOULD be a
skipping to change at page 19, line 20 skipping to change at page 19, line 20
readOnly A Boolean value that specifies if the attribute is readOnly A Boolean value that specifies if the attribute is
mutable. mutable.
required A Boolean value that specifies if the attribute is required A Boolean value that specifies if the attribute is
required. required.
caseExact A Boolean value that specifies if the String attribute caseExact A Boolean value that specifies if the String attribute
is case sensitive. is case sensitive.
mutability A single keyword indicating what types of
modifications an attribute MAY accept as follows:
readOnly The attribute MAY NOT be modified.
readWrite (DEFAULT) The attribute MAY be updated and read at
any time.
immutable The attribute MAY be defined at resource creation
(e.g. POST) or at record replacement via request (e.g. a
PUT). The attribute MAY NOT be updated.
writeOnly The attribute MAY be updated at any time. Attribute
values MAY NOT be returned (e.g. because the value is a
stored hash). Note: an attribute with mutability of
"writeOnly" usually also has a returned setting of "never".
returned A single keyword that indicates when an attribute and
associated values are returned in response to a GET request or
in response to a PUT, POST, or PATCH request. Valid keywords
are:
always The attribute is always returned regardless of the
contents of the "attributes" parameter. For example, "id"
is always returned to identify a SCIM resource.
never The attribute is never returned. This may occur because
the original attribute value is not retained by the service
provider (e.g. such as with a hashed value). A service
provider MAY allow attributes to be used in a search filter.
(DEFAULT) The attribute is returned by default in all SCIM
operation responses where attribute values are returned. If
the GET request "attributes" parameter is specified,
attribute values are only returned if the attribute is named
in the attributes parameter.
request The attribute is returned in response to any PUT,
POST, or PATCH operations if the attribute was specified by
the client (for example, the attribute was modified). The
attribute is returned in a GET operation only if specified
in the "attributes" parameter.
uniqueness A single keyword value that specifies how unique
attribute values are. A server MAY reject an invalid value
based on uniqueness by returning HTTP Response code 400 (Bad
Request). Valid keywords are:
none (DEFAULT) The values are not intended to be unique in any
way.
server The value SHOULD be unique within the context of the
current SCIM endpoint but MAY not be globally unique (e.g. a
user-id, email address, or other server generated key or
counter). No two resources on the same server SHOULD
possess the same value.
global The value SHOULD be globally unique (e.g. an email
address, a GUID, or other value). No two resources on any
server SHOULD possess the same value.
referenceTypes The names of the Resource Types that may be referenceTypes The names of the Resource Types that may be
referenced; e.g., User. This is only applicable for attributes referenced; e.g., User. This is only applicable for attributes
that are of the "reference" data type. that are of the "reference" data type.
The following multi-valued attributes are defined. There are The following multi-valued attributes are defined. There are
no canonical type values defined and the primary value serves no canonical type values defined and the primary value serves
no useful purpose. no useful purpose.
subAttributes A list specifying the contained attributes. subAttributes A list specifying the contained attributes.
OPTIONAL. OPTIONAL.
 End of changes. 5 change blocks. 
16 lines changed or deleted 77 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/
--Apple-Mail=_75CB9A25-1480-4E78-911F-FB40B58359C4 Content-Transfer-Encoding: 7bit Content-Type: text/html; charset=us-ascii
--Apple-Mail=_75CB9A25-1480-4E78-911F-FB40B58359C4 Content-Disposition: attachment; filename=draft-ietf-scim-api-02-03.diff.txt.html Content-Type: text/html; name="draft-ietf-scim-api-02-03.diff.txt.html" Content-Transfer-Encoding: 7bit Diff: draft-ietf-scim-api-02.txt - draft-ietf-scim-api-03.txt
< draft-ietf-scim-api-02.txt   draft-ietf-scim-api-03.txt >
skipping to change at page 1, line 16 skipping to change at page 1, line 16
Expires: March 3, 2014 SalesForce Expires: March 3, 2014 SalesForce
M. Ansari M. Ansari
Cisco Cisco
K. Grizzle K. Grizzle
SailPoint SailPoint
E. Wahlstroem E. Wahlstroem
Technology Nexus Technology Nexus
August 30, 2013 August 30, 2013
System for Cross-Domain Identity Management:Protocol System for Cross-Domain Identity Management:Protocol
draft-ietf-scim-api-02 draft-ietf-scim-api-03
Abstract Abstract
The System for Cross-Domain Identity Management (SCIM) specification The System for Cross-Domain Identity Management (SCIM) specification
is designed to make managing user identity in cloud based is designed to make managing user identity in cloud based
applications and services easier. The specification suite seeks to applications and services easier. The specification suite seeks to
build upon experience with existing schemas and deployments, placing build upon experience with existing schemas and deployments, placing
specific emphasis on simplicity of development and integration, while specific emphasis on simplicity of development and integration, while
applying existing authentication, authorization, and privacy models. applying existing authentication, authorization, and privacy models.
It's intent is to reduce the cost and complexity of user management It's intent is to reduce the cost and complexity of user management
skipping to change at page 2, line 33 skipping to change at page 2, line 33
1.1. Intended Audience . . . . . . . . . . . . . . . . . . . . 3 1.1. Intended Audience . . . . . . . . . . . . . . . . . . . . 3
1.2. Notational Conventions . . . . . . . . . . . . . . . . . 3 1.2. Notational Conventions . . . . . . . . . . . . . . . . . 3
1.3. Definitions . . . . . . . . . . . . . . . . . . . . . . . 3 1.3. Definitions . . . . . . . . . . . . . . . . . . . . . . . 3
2. Authentication and Authorization . . . . . . . . . . . . . . 3 2. Authentication and Authorization . . . . . . . . . . . . . . 3
3. API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
3.1. Creating Resources . . . . . . . . . . . . . . . . . . . 6 3.1. Creating Resources . . . . . . . . . . . . . . . . . . . 6
3.1.1. Resource Types . . . . . . . . . . . . . . . . . . . 7 3.1.1. Resource Types . . . . . . . . . . . . . . . . . . . 7
3.2. Retrieving Resources . . . . . . . . . . . . . . . . . . 7 3.2. Retrieving Resources . . . . . . . . . . . . . . . . . . 7
3.2.1. Retrieving a known Resource . . . . . . . . . . . . . 7 3.2.1. Retrieving a known Resource . . . . . . . . . . . . . 7
3.2.2. List/Query Resources . . . . . . . . . . . . . . . . 9 3.2.2. List/Query Resources . . . . . . . . . . . . . . . . 9
3.2.3. Querying Resources Using HTTP POST . . . . . . . . . 16 3.2.3. Querying Resources Using HTTP POST . . . . . . . . . 18
3.3. Modifying Resources . . . . . . . . . . . . . . . . . . . 19 3.3. Modifying Resources . . . . . . . . . . . . . . . . . . . 20
3.3.1. Modifying with PUT . . . . . . . . . . . . . . . . . 20 3.3.1. Modifying with PUT . . . . . . . . . . . . . . . . . 21
3.3.2. Modifying with PATCH . . . . . . . . . . . . . . . . 21 3.3.2. Modifying with PATCH . . . . . . . . . . . . . . . . 22
3.4. Deleting Resources . . . . . . . . . . . . . . . . . . . 29 3.4. Deleting Resources . . . . . . . . . . . . . . . . . . . 30
3.5. Bulk . . . . . . . . . . . . . . . . . . . . . . . . . . 30 3.5. Bulk . . . . . . . . . . . . . . . . . . . . . . . . . . 31
3.6. Data Input/Output Formats . . . . . . . . . . . . . . . . 45 3.6. Data Input/Output Formats . . . . . . . . . . . . . . . . 46
3.7. Additional retrieval query parameters . . . . . . . . . . 46 3.7. Additional retrieval query parameters . . . . . . . . . . 47
3.8. Attribute Notation . . . . . . . . . . . . . . . . . . . 47 3.8. Attribute Notation . . . . . . . . . . . . . . . . . . . 48
3.9. HTTP Response Codes . . . . . . . . . . . . . . . . . . . 47 3.9. HTTP Response Codes . . . . . . . . . . . . . . . . . . . 48
3.10. API Versioning . . . . . . . . . . . . . . . . . . . . . 50 3.10. API Versioning . . . . . . . . . . . . . . . . . . . . . 51
3.11. Versioning Resources . . . . . . . . . . . . . . . . . . 50 3.11. Versioning Resources . . . . . . . . . . . . . . . . . . 51
3.12. HTTP Method Overloading . . . . . . . . . . . . . . . . . 52 3.12. HTTP Method Overloading . . . . . . . . . . . . . . . . . 53
4. Multi-Tenancy . . . . . . . . . . . . . . . . . . . . . . . . 52 4. Multi-Tenancy . . . . . . . . . . . . . . . . . . . . . . . . 53
4.1. Associating Consumers to Tenants . . . . . . . . . . . . 53 4.1. Associating Consumers to Tenants . . . . . . . . . . . . 54
4.1.1. URL Prefix Example . . . . . . . . . . . . . . . . . 53 4.1.1. URL Prefix Example . . . . . . . . . . . . . . . . . 54
4.1.2. Subdomain Example . . . . . . . . . . . . . . . . . . 53 4.1.2. Subdomain Example . . . . . . . . . . . . . . . . . . 54
4.1.3. HTTP Header . . . . . . . . . . . . . . . . . . . . . 54 4.1.3. HTTP Header . . . . . . . . . . . . . . . . . . . . . 55
4.2. SCIM Identifiers with Multiple Tenants . . . . . . . . . 54 4.2. SCIM Identifiers with Multiple Tenants . . . . . . . . . 55
5. Security Considerations . . . . . . . . . . . . . . . . . . . 54 5. Security Considerations . . . . . . . . . . . . . . . . . . . 55
6. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 54 6. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 55
7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 54 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 55
8.1. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 55 8.1. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 55 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 56
1. Introduction and Overview 1. Introduction and Overview
The SCIM Protocol is an application-level, REST protocol for The SCIM Protocol is an application-level, REST protocol for
provisioning and managing identity data on the web. The protocol provisioning and managing identity data on the web. The protocol
supports creation, modification, retrieval, and discovery of core supports creation, modification, retrieval, and discovery of core
identity Resources; i.e., Users and Groups, as well as custom identity Resources; i.e., Users and Groups, as well as custom
Resource extensions. Resource extensions.
1.1. Intended Audience 1.1. Intended Audience
skipping to change at page 12, line 5 skipping to change at page 12, line 5
expressions can be grouped together using "()". expressions can be grouped together using "()".
The operators supported in the expression are listed in the following The operators supported in the expression are listed in the following
table. table.
+----------+-------------+------------------------------------------+ +----------+-------------+------------------------------------------+
| Operator | Description | Behavior | | Operator | Description | Behavior |
+----------+-------------+------------------------------------------+ +----------+-------------+------------------------------------------+
| eq | equal | The attribute and operator values must | | eq | equal | The attribute and operator values must |
| | | be identical for a match. | | | | be identical for a match. |
| ne | not equal | The attribute and operator values are |
| | | not identical. |
| co | contains | The entire operator value must be a | | co | contains | The entire operator value must be a |
| | | substring of the attribute value for a | | | | substring of the attribute value for a |
| | | match. | | | | match. |
| sw | starts with | The entire operator value must be a | | sw | starts with | The entire operator value must be a |
| | | substring of the attribute value, | | | | substring of the attribute value, |
| | | starting at the beginning of the | | | | starting at the beginning of the |
| | | attribute value. This criterion is | | | | attribute value. This criterion is |
| | | satisfied if the two strings are | | | | satisfied if the two strings are |
| | | identical. | | | | identical. |
| ew | ends with | The entire operator value must be a |
| | | substring of the attribute value, |
| | | matching at the end of the attribute |
| | | value. This criterion is satisfied if |
| | | the two strings are identical. |
| pr | present | If the attribute has a non-empty value, | | pr | present | If the attribute has a non-empty value, |
| | (has value) | or if it contains a non-empty node for | | | (has value) | or if it contains a non-empty node for |
| | | complex attributes there is a match. | | | | complex attributes there is a match. |
| gt | greater | If the attribute value is greater than | | gt | greater | If the attribute value is greater than |
| | than | operator value, there is a match. The | | | than | operator value, there is a match. The |
| | | actual comparison is dependent on the | | | | actual comparison is dependent on the |
| | | attribute type. For string attribute | | | | attribute type. For string attribute |
| | | types, this is a lexicographical | | | | types, this is a lexicographical |
| | | comparison and for DateTime types, it is | | | | comparison and for DateTime types, it is |
| | | a chronological comparison. | | | | a chronological comparison. |
skipping to change at page 13, line 12 skipping to change at page 13, line 17
Table 2: Attribute Operators Table 2: Attribute Operators
+----------+-------------+------------------------------------------+ +----------+-------------+------------------------------------------+
| Operator | Description | Behavior | | Operator | Description | Behavior |
+----------+-------------+------------------------------------------+ +----------+-------------+------------------------------------------+
| and | Logical And | The filter is only a match if both | | and | Logical And | The filter is only a match if both |
| | | expressions evaluate to true. | | | | expressions evaluate to true. |
| or | Logical or | The filter is a match if either | | or | Logical or | The filter is a match if either |
| | | expression evaluates to true. | | | | expression evaluates to true. |
| not | Not | The filter is a match if the expression |
| | function | evaluates to false. |
+----------+-------------+------------------------------------------+ +----------+-------------+------------------------------------------+
Table 3: Logical Operators Table 3: Logical Operators
+----------+-------------+------------------------------------------+ +----------+-------------+------------------------------------------+
| Operator | Description | Behavior | | Operator | Description | Behavior |
+----------+-------------+------------------------------------------+ +----------+-------------+------------------------------------------+
| () | Precedence | Boolean expressions may be grouped using | | () | Precedence | Boolean expressions may be grouped using |
| | grouping | parentheses to change the standard order | | | grouping | parentheses to change the standard order |
| | | of operations; i.e., evaluate OR logical | | | | of operations; i.e., evaluate OR logical |
| | | operators before logical AND operators. | | | | operators before logical AND operators. |
| [] | Complex | Service providers MAY support complex |
| | attribute | filters where expressions MUST be |
| | filter | applied to the same value of a parent |
| | grouping | attribute specified immediately before |
| | | the left square bracket ("["). The |
| | | expression within square brackets ("[" |
| | | and "]") MUST be a valid filter |
| | | expression based upon sub-attributes of |
| | | the parent attribute. Nested expressions |
| | | MAY be used. See examples below. |
+----------+-------------+------------------------------------------+ +----------+-------------+------------------------------------------+
Table 4: Grouping Operators Table 4: Grouping Operators
Filters MUST be evaluated using standard order of operations [6]. Filters MUST be evaluated using standard order of operations [6].
Attribute operators have the highest precedence, followed by the Attribute operators have the highest precedence, followed by the
grouping operator (i.e, parentheses), followed by the logical AND grouping operator (i.e, parentheses), followed by the logical AND
operator, followed by the logical OR operator. operator, followed by the logical OR operator.
If the specified attribute in a filter expression is a multi-valued If the specified attribute in a filter expression is a multi-valued
skipping to change at page 14, line 32 skipping to change at page 15, line 28
filter=meta.lastModified le "2011-05-13T04:42:34Z" filter=meta.lastModified le "2011-05-13T04:42:34Z"
filter=title pr and userType eq "Employee" filter=title pr and userType eq "Employee"
filter=title pr or userType eq "Intern" filter=title pr or userType eq "Intern"
filter=userType eq "Employee" and (emails co "example.com" or emails filter=userType eq "Employee" and (emails co "example.com" or emails
co "example.org") co "example.org")
filter=userType ne "Employee" and not (emails co "example.com" or
emails co "example.org")
filter=userType eq "Employee" and (emails.type eq "work")
filter=userType eq "Employee" and emails[type eq "work" and
value co "@example.com"]
filter=emails[type eq "work" and value co "@example.com"] or ims[type
eq "xmpp" and value co "@foo.com"]
filter=addresses[state eq "CA" and rooms[type eq "bedroom" and
number gt 2]]
3.2.2.3. Sorting 3.2.2.3. Sorting
Sort is OPTIONAL. Sorting allows Consumers to specify the order in Sort is OPTIONAL. Sorting allows Consumers to specify the order in
which Resources are returned by specifying a combination of sortBy which Resources are returned by specifying a combination of sortBy
and sortOrder URL parameters. and sortOrder URL parameters.
sortBy: The sortBy parameter specifies the attribute whose value sortBy: The sortBy parameter specifies the attribute whose value
SHALL be used to order the returned responses. If the sortBy SHALL be used to order the returned responses. If the sortBy
attribute corresponds to a Singular Attribute, Resources are attribute corresponds to a Singular Attribute, Resources are
sorted according to that attribute's value; if it's a Multi-valued sorted according to that attribute's value; if it's a Multi-valued
skipping to change at page 47, line 35 skipping to change at page 48, line 35
All operations share a common scheme for referencing simple and All operations share a common scheme for referencing simple and
complex attributes. In general, attributes are identified by complex attributes. In general, attributes are identified by
prefixing the attribute name with its schema URN separated by a ':' prefixing the attribute name with its schema URN separated by a ':'
character; e.g., the core User Resource attribute 'userName' is character; e.g., the core User Resource attribute 'userName' is
identified as 'urn:scim:schemas:core:2.0:userName'. Consumers MAY identified as 'urn:scim:schemas:core:2.0:userName'. Consumers MAY
omit core schema attribute URN prefixes though MUST fully qualify omit core schema attribute URN prefixes though MUST fully qualify
extended attributes with the associated Resource URN; e.g., the extended attributes with the associated Resource URN; e.g., the
attribute 'age' defined in 'urn:hr:schemas:user' is fully encoded as attribute 'age' defined in 'urn:hr:schemas:user' is fully encoded as
'urn:hr:schemas:user:age'. A Complex attributes' Sub-Attributes are 'urn:hr:schemas:user:age'. A Complex attributes' Sub-Attributes are
referenced via nested, dot ('.') notation; i.e., {urn}:{Attribute referenced via nested, dot ('.') notation; i.e., {urn}:{Attribute
name}.{Sub-Attribute name}. For example, the fully qualified path name}.{Sub-Attribute name}. For example, the fully qualified path for
for a User's givenName is urn:scim:schemas:core:2.0:name.givenName a User's givenName is urn:scim:schemas:core:2.0:name.givenName All
All facets (URN, attribute and Sub-Attribute name) of the fully facets (URN, attribute and Sub-Attribute name) of the fully encoded
encoded Attribute name are case insensitive. Attribute name are case insensitive.
3.9. HTTP Response Codes 3.9. HTTP Response Codes
The SCIM Protocol uses the response status codes defined in HTTP [12] The SCIM Protocol uses the response status codes defined in HTTP [12]
to indicate operation success or failure. In addition to returning a to indicate operation success or failure. In addition to returning a
HTTP response code implementers MUST return the errors in the body of HTTP response code implementers MUST return the errors in the body of
the response in the client requested format containing the error the response in the client requested format containing the error
response and, per the HTTP specification, human-readable response and, per the HTTP specification, human-readable
explanations. Error responses are identified using the following explanations. Error responses are identified using the following
URI: 'urn:scim:schemas:core:2.0:Error'. The following multi-valued URI: 'urn:scim:schemas:core:2.0:Error'. The following multi-valued
 End of changes. 8 change blocks. 
29 lines changed or deleted 62 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/
--Apple-Mail=_75CB9A25-1480-4E78-911F-FB40B58359C4 Content-Transfer-Encoding: 7bit Content-Type: text/html; charset=us-ascii
--Apple-Mail=_75CB9A25-1480-4E78-911F-FB40B58359C4-- --Apple-Mail=_F15060F1-A50A-4F80-8097-B00477171096-- From t.krille@tarent.de Thu Jan 30 04:29:37 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C0DA21A0233 for ; Thu, 30 Jan 2014 04:29:37 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.377 X-Spam-Level: X-Spam-Status: No, score=-1.377 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, J_CHICKENPOX_54=0.6, RCVD_IN_DNSWL_LOW=-0.7] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S_c_cMBp-tlu for ; Thu, 30 Jan 2014 04:29:35 -0800 (PST) Received: from mail-la0-f71.google.com (mail-la0-f71.google.com [209.85.215.71]) by ietfa.amsl.com (Postfix) with ESMTP id E32F61A03D3 for ; Thu, 30 Jan 2014 04:29:34 -0800 (PST) Received: by mail-la0-f71.google.com with SMTP id c6so6362792lan.6 for ; Thu, 30 Jan 2014 04:29:30 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=zbRNkCH0h9w2ADAapTa1BrEBt92gV9TLS2TcnCAnQwA=; b=cRYD/5yQg95lo5expUFSN+uFJ6xf7LymJtIl4HGY4b3CvpRgfiYCk9CcwiOONrg43M psBAh0FOMvNrXPzOOd2TTsRQ0NoIm1vaD9MUJvAC5CwINwguXvO7ETFoNjomOuBzZe9n gt+g6WCXGGwnzF9hd4fyKHhpYzbKK2E1oGtQIAserDYUrkraaxr9dMraUgl2CXhgTH5d SX1KM31RxSBv3G+tTV2C+8l5uFRqRzdggQtTql/iQVP+83TWXryFce2Y1gNA3Cwp7ZH8 k0vKF1giOFiKSGqkobislZ3Y/mpIUrr9Le6oP2ouv0XS9PYvvICEuCjtm01ASKbTYcFp BLVg== X-Gm-Message-State: ALoCoQk+GL9mJn/D3Ee4tzQ1L3eBcmoeCnJmPm6t85KTaCqFx4iU44N785saLxry9l4yhyzvzsDf X-Received: by 10.194.62.243 with SMTP id b19mr1061874wjs.63.1391084970684; Thu, 30 Jan 2014 04:29:30 -0800 (PST) MIME-Version: 1.0 Received: by 10.227.6.200 with HTTP; Thu, 30 Jan 2014 04:29:10 -0800 (PST) In-Reply-To: References: From: Thomas Krille Date: Thu, 30 Jan 2014 13:29:10 +0100 Message-ID: To: Chris Phillips Content-Type: multipart/alternative; boundary=047d7b86d6be87ca2304f12f3555 Cc: "scim@ietf.org" Subject: Re: [scim] Question regarding roles.type X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Jan 2014 12:29:38 -0000 --047d7b86d6be87ca2304f12f3555 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hi Chris, understood. Thank you very much for the clarification of this question. Kind Regards Thomas Krille Softwareentwicklung tarent solutions GmbH Telefon +49 (0) 30 138803-128 Telefax +49 (0) 228 54881-235 t.krille@tarent.de Rochusstra=C3=9Fe 2-4, D-53123 Bonn =E2=80=A2 http://www.tarent.de/ Tel: +49 228 54881-0 =E2=80=A2 Fax: +49 228 54881-235 HRB AG Bonn 5168 =E2=80=A2 USt-ID (VAT): DE122264941 Gesch=C3=A4ftsf=C3=BChrer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Ale= xander Steeg 2014-01-29 Chris Phillips > Hi Thomas, > > I would like to draw your attention to ticket #11[1] in regards to your > question if you haven't already checked it out. > > For the other questions: > > Q: Are there any plans to specify the type sub-attribute for roles with > the same semantics as in entitlements? > > A: Not at this time AFAIK. > > Q: Or are there considerations against doing so? The specification just > says "This value has NO canonical types". > > A: I think it's neutral against or for so keep it as is. > > > The notion of sub-typing the attribute kicks it into complex attribute > territory which increases complexity rather than a simple multi-valued > attribute. > > What I believe people are asking for when sub-typing either/or/both > roles & entitlements is some way to capture 'this is an XACML entitlement= , > not an eduPerson Entitlement' or 'this is an application X role sub-type = of > 'subscriber' not Application Y role sub-type of 'subscriber' yes it is in > the same field so how do I prevent collisions on permissions since I want > to use that field for my application?. > > The original intent of role and entitlement can be found here[2] (2011) > and ultimately made it into the original spec as you see it. > > Having the three main variations of how controls are applied is to > avoid hammering one model of 'control'(group vs role vs entitlement) into > another just to transport it from A to B. The SCIM protocol remains neutr= al > so that anyone could use SCIM out of the box and not dilute their model b= y > having to transpose a role based policy structure into faux groups or > entitlements into groups. What I have seen happen is an exponential grow= th > of groups in this regard and becomes nightmarish to navigate and manage. > > What would be helpful is to describe some real world use cases to > support the notion of sub-typing. This will help us all to understand the > larger picture behind the questions. > > If you would like to see an example of entitlements in schema take a > peek at eduPerson[3] > > Chris. > > > [1] http://trac.tools.ietf.org/wg/scim/trac/ticket/11 > [2] > https://groups.google.com/d/msg/cloud-directory/bvpv9HBfdYQ/_8OMgELbSF4J > [3] > http://software.internet2.edu/eduperson/internet2-mace-dir-eduperson-2013= 10.html#eduPersonEntitlement > > > From: Thomas Krille > Date: Wednesday, 29 January, 2014 7:27 AM > To: "scim@ietf.org" > Subject: [scim] Question regarding roles.type > > Hello, > > the current SCIM schema defines the type sub-attribute for entitlements > multi-valued attribute as "useful as a means to scope entitlements" ( > http://tools.ietf.org/html/draft-ietf-scim-core-schema-02#section-6.2). > Thinking about this, I realized that the roles multi-valued attribute cou= ld > benefit from such kind of type sub-attribute, too. Are there any plans to > specify the type sub-attribute for roles with the same semantics as in > entitlements? Or are there considerations against doing so? The > specification just says "This value has NO canonical types". > > Kind regards > > Thomas Krille > Softwareentwicklung > tarent solutions GmbH > > Telefon +49 (0) 30 138803-128 > Telefax +49 (0) 228 54881-235 > t.krille@tarent.de > > Rochusstra=C3=9Fe 2-4, D-53123 Bonn =E2=80=A2 http://www.tarent.de/ > Tel: +49 228 54881-0 =E2=80=A2 Fax: +49 228 54881-235 > HRB AG Bonn 5168 =E2=80=A2 USt-ID (VAT): DE122264941 > Gesch=C3=A4ftsf=C3=BChrer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, A= lexander > Steeg > > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim > > --047d7b86d6be87ca2304f12f3555 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Hi Chris,

understood. Thank you very mu= ch for the clarification of this question.

Kind Re= gards

Thomas Krille
Softwareentwicklung
tarent solutions GmbH

Telefon +49 (0) 30 1388= 03-128
Telefax +49 (0) 228 54881-235
t.krille@tarent.de

Rochusstra=C3=9Fe 2-= 4, D-53123 Bonn =E2=80=A2=C2=A0http://www.tarent.de/
Tel: +49 228 54881-0 =E2=80=A2 Fax: +49 228 54881-235
HRB AG Bonn 5168 = =E2=80=A2 USt-ID (VAT): DE122264941
Gesch=C3=A4ftsf=C3=BChrer: Dr. Stefa= n Barth, Kai Ebenrett, Boris Esser, Alexander Steeg


2014-01-29 Chris Phillips <Chri= s.Phillips@canarie.ca>
Hi Thomas,

I would like to draw your attention to ticket #11[1] in regards to you= r question if you haven't already checked it out.

For the other questions:

Q: Are there any plans to specify the type sub-attribute for roles wit= h the same semantics as in entitlements?

A: Not at this time AFAIK.=

Q: Or are there considerations against doing so? The specification jus= t says=C2=A0"This value=C2=A0has NO canonical types".

A: I think it's neutra= l against or for so keep it as is.


The notion of sub-typing the attribute kicks it into complex attribute= territory which increases complexity rather than a simple multi-valued att= ribute.

What I believe people are asking for when sub-typing either/or/both ro= les & entitlements is some way to capture 'this is an XACML entitle= ment, not an eduPerson Entitlement' or 'this is an application X ro= le sub-type of 'subscriber' not Application Y role sub-type of 'subscriber' yes it is in the same field so how do I p= revent collisions on permissions since I want to use that field for my appl= ication?.

The original intent of role and entitlement can be found here[2] (2011= ) and ultimately made it into the original spec as you see it.

Having the three main variations of how controls are applied =C2=A0is = to avoid hammering one model of 'control'(group vs role vs entitlem= ent) into another just to transport it from A to B. The SCIM protocol remai= ns neutral so that anyone could use SCIM out of the box and not dilute their model by having to transpose a role based = policy structure into faux groups or entitlements into groups. =C2=A0What I= have seen happen is an exponential growth of groups in this regard and bec= omes nightmarish to navigate and manage.

What would be helpful is to describe some real world use cases to supp= ort the notion of sub-typing. This will help us all to understand the large= r picture behind the questions.

If you would like to see an example of entitlements in schema take a p= eek at eduPerson[3]

Chris.


[1]=C2=A0http://trac.tools.ietf.org/wg/scim/trac/ticket/11

From: Thomas Krille <t.krille@tarent.de>
Date: Wednesday, 29 January, 2014 7= :27 AM
To: "scim@ietf.org" <scim@ietf.org>
Subject: [scim] Question regarding = roles.type

Hello,

the current SCIM schema defines the type sub-attribute for entitlement= s multi-valued attribute as "useful as a= means=C2=A0to scope entitlements" (http://tools.ietf.org/html/draft-ietf-sc= im-core-schema-02#section-6.2). Thinking about this, I realized that the roles multi-valued attribute coul= d benefit from such kind of type sub-attribute, too. Are there any plans to= specify the type sub-attribute for roles with the same semantics as in ent= itlements? Or are there considerations against doing so? The specification just says=C2=A0"This value=C2=A0h= as NO canonical types".

Kind regards

Thomas Krille
Softwareentwicklung
tarent solutions GmbH

Telefon +49 (0) 30 138803-128
Telefax +49 (0) 228 54881-235
t.krille@tarent.de<= /a>

Rochusstra=C3=9Fe 2-4, D-53123 Bonn =E2=80=A2=C2=A0http://www.taren= t.de/
Tel: +49 228 54881-0 =E2=80=A2 Fax: +49 228 54881-235
HRB AG Bonn 5168 =E2=80=A2 USt-ID (VAT): DE122264941
Gesch=C3=A4ftsf=C3=BChrer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Ale= xander Steeg

_______________________________________________
scim mailing list
scim@ietf.org
ht= tps://www.ietf.org/mailman/listinfo/scim


--047d7b86d6be87ca2304f12f3555-- From d.moebius@tarent.de Thu Jan 30 06:01:23 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D04C1A02DF for ; Thu, 30 Jan 2014 06:01:23 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.277 X-Spam-Level: X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1gZVYCPIKlqg for ; Thu, 30 Jan 2014 06:01:22 -0800 (PST) Received: from mail-pd0-f199.google.com (mail-pd0-f199.google.com [209.85.192.199]) by ietfa.amsl.com (Postfix) with ESMTP id 01A3F1A0345 for ; Thu, 30 Jan 2014 06:01:21 -0800 (PST) Received: by mail-pd0-f199.google.com with SMTP id q10so6832889pdj.2 for ; Thu, 30 Jan 2014 06:01:18 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=DvTTeBg+DsqY2iZx7saUTN/FCXTUbiXn1Yzfnk1Zz2Y=; b=hfalyVmPrwywUYhluuDLEbx8Q1q6o1LyfBqlLBiY554TElz+CJNtMA1VYmtAz9jIdj Ejg+NU5dUYCqYgePu10s8Jhk+N/lm6Eb8Dkoq87k+cC2d4TbadWLngqo0/cH/ExJMepW 4H01Q3UDR+ZxpvdLFmy3eBklSzeMxVfXn0TmBsIT/vdynEhJ9/gnYeZe1Gfjn+daTARh sHSZHs0pXPB8ZfhO82lgiSCfxguO+0/EhAJFmFcttjRZy8X9K+KXAZFziqBVOkmn7ntU 4fyvp+eNxbBoehk+DDJdWii1Gq1WkY1KBUEKlYqdLQDAjx5YgIQjyHagqhuDbJFwE8/Y 5yng== X-Gm-Message-State: ALoCoQnIF+NnwonLm29y3PFWG0LfKn+HWaiIHbUnkeTHUCwtP4SqeX0m2hqkyRwlWAaqGjdss1a4 MIME-Version: 1.0 X-Received: by 10.66.189.129 with SMTP id gi1mr14447725pac.57.1391090478778; Thu, 30 Jan 2014 06:01:18 -0800 (PST) Received: by 10.66.67.41 with HTTP; Thu, 30 Jan 2014 06:01:18 -0800 (PST) In-Reply-To: <52E8F740.3060508@mnt.se> References: <52E8F740.3060508@mnt.se> Date: Thu, 30 Jan 2014 15:01:18 +0100 Message-ID: From: David Moebius To: Leif Johansson Content-Type: multipart/alternative; boundary=047d7bf0e5bad6a08e04f1307d2f Cc: "scim@ietf.org" Subject: Re: [scim] photo MUST be an url to an image X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Jan 2014 14:01:23 -0000 --047d7bf0e5bad6a08e04f1307d2f Content-Type: text/plain; charset=ISO-8859-1 Hi, thanks for your validation of my thoughts. Than we will check if the given String can be a URL but nothing else. David 2014-01-29 Leif Johansson : > On 2014-01-29 10:19, David Moebius wrote: > > Hi, > > Not being the author but... > > > in http://tools.ietf.org/html/draft-ietf-scim-core-schema-02#section-6.2(photos) you write the String given MUST be an image e.g. a GIF, JPEG, or > PNG image file. > I would say it is dangerous only to allow these 3 file types. First of all > a lot of other fileformats exist and it could be that tomorrow a great new > file format is invented that everyone would like to use. > > it sais 'e.g.' because those are example formats, not a complete list. > > Because of this I don't want to force the client to provide a String > that ends with e.g. .jpg > > My problem is how I should be sure that the String given really points > to an image. I also don't want to call the provided address and retrieve > the image. > > you can't unless you deref the URL and then content-type is your friend > > > For this I would like to allow every String as "picture" and the client > itsself has to care about if it is a picture or not. > > we want valid URLs, not every type of string. This also includes things > like RFC 2397 (data:image)... > > > What do you think about this? > > David > > > _______________________________________________ > scim mailing listscim@ietf.orghttps://www.ietf.org/mailman/listinfo/scim > > > > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim > > --047d7bf0e5bad6a08e04f1307d2f Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
Hi,=A0


thanks for your v= alidation of my thoughts.
Than we will check if the given String = can be a URL but nothing else.

David


2014-01-29 Leif Johansson <leifj@mnt.se&= gt;:
=20 =20 =20
On 2014-01-29 10:19, David Moebius wrote:
Hi,
Not being the author but...


in=A0http://tools.ietf.org/html/draft= -ietf-scim-core-schema-02#section-6.2 (photos) you write the String given MUST be an image e.g. a GIF, JPEG, or PNG image file.
I would say it is dangerous only to allow these 3 file types. First of all a lot of other fileformats exist and it could be that tomorrow a great new file format is invented that everyone would like to use.

it sais 'e.g.' because those are example formats, not a complet= e list.

Because of this I don't want to force the client to provid= e a String that ends with e.g. .jpg

My problem is how I should be sure that the String given really points to an image. I also don't want to call the provided address and retrieve the image.
you can't unless you deref the URL and then content-type is your friend


For this I would like to allow every String as "picture&q= uot; and the client itsself has to care about if it is a picture or not.
we want valid URLs, not every type of string. This also includes things like RFC 2397 (data:image)...

What do you think about this?

David


_______________________________________________
scim mailing list
scim@ietf.org
ht=
tps://www.ietf.org/mailman/listinfo/scim


_______________________________________________
scim mailing list
scim@ietf.org
ht= tps://www.ietf.org/mailman/listinfo/scim


--047d7bf0e5bad6a08e04f1307d2f-- From phil.hunt@oracle.com Thu Jan 30 08:54:04 2014 Return-Path: X-Original-To: scim@ietfa.amsl.com Delivered-To: scim@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D9D41A042D for ; Thu, 30 Jan 2014 08:54:04 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.735 X-Spam-Level: X-Spam-Status: No, score=-4.735 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.535, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mT1CAwZDnEbU for ; Thu, 30 Jan 2014 08:54:01 -0800 (PST) Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81]) by ietfa.amsl.com (Postfix) with ESMTP id CAD251A03FD for ; Thu, 30 Jan 2014 08:53:59 -0800 (PST) Received: from acsinet22.oracle.com (acsinet22.oracle.com [141.146.126.238]) by userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id s0UGrtYq010209 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 30 Jan 2014 16:53:56 GMT Received: from aserz7021.oracle.com (aserz7021.oracle.com [141.146.126.230]) by acsinet22.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s0UGrqmI019459 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 30 Jan 2014 16:53:53 GMT Received: from abhmp0003.oracle.com (abhmp0003.oracle.com [141.146.116.9]) by aserz7021.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s0UGrq3S006072; Thu, 30 Jan 2014 16:53:52 GMT Received: from [192.168.1.125] (/174.7.250.104) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Thu, 30 Jan 2014 08:53:52 -0800 References: <52E8F740.3060508@mnt.se> Mime-Version: 1.0 (1.0) In-Reply-To: Content-Type: multipart/alternative; boundary=Apple-Mail-6F7DB4C5-50C0-4ABD-8A0B-56C07D6FA346 Content-Transfer-Encoding: 7bit Message-Id: <8DD8E700-6430-4040-A57E-93A5490B961C@oracle.com> X-Mailer: iPhone Mail (11B554a) From: Phil Hunt Date: Thu, 30 Jan 2014 08:53:48 -0800 To: David Moebius X-Source-IP: acsinet22.oracle.com [141.146.126.238] Cc: Leif Johansson , "scim@ietf.org" Subject: Re: [scim] photo MUST be an url to an image X-BeenThere: scim@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Simple Cloud Identity Management BOF List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Jan 2014 16:54:04 -0000 --Apple-Mail-6F7DB4C5-50C0-4ABD-8A0B-56C07D6FA346 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable You could use HTTP HEAD to check that the URL is valid. Of course that can s= till cost if you have to process a lot of photos. But at least it avoids ret= rieving the actual file.=20 Phil > On Jan 30, 2014, at 6:01, David Moebius wrote: >=20 > Hi,=20 >=20 >=20 > thanks for your validation of my thoughts. > Than we will check if the given String can be a URL but nothing else. >=20 > David >=20 >=20 > 2014-01-29 Leif Johansson : >>> On 2014-01-29 10:19, David Moebius wrote: >>> Hi, >> Not being the author but... >>=20 >>>=20 >>> in http://tools.ietf.org/html/draft-ietf-scim-core-schema-02#section-6.2= (photos) you write the String given MUST be an image e.g. a GIF, JPEG, or P= NG image file. >>> I would say it is dangerous only to allow these 3 file types. First of a= ll a lot of other fileformats exist and it could be that tomorrow a= great new file format is invented that everyone would like to use. >> it sais 'e.g.' because those are example formats, not a complete list. >>=20 >>> Because of this I don't want to force the client to provide a S= tring that ends with e.g. .jpg >>>=20 >>> My problem is how I should be sure that the String given reall= y points to an image. I also don't want to call the provided address and ret= rieve the image. >> you can't unless you deref the URL and then content-type is your friend >>=20 >>>=20 >>> For this I would like to allow every String as "picture" and the client i= tsself has to care about if it is a picture or not. >> we want valid URLs, not every type of string. This also includes things l= ike RFC 2397 (data:image)... >>>=20 >>> What do you think about this? >>>=20 >>> David >>>=20 >>>=20 >>> _______________________________________________ >>> scim mailing list >>> scim@ietf.org >>> https://www.ietf.org/mailman/listinfo/scim >>=20 >>=20 >> _______________________________________________ >> scim mailing list >> scim@ietf.org >> https://www.ietf.org/mailman/listinfo/scim >=20 > _______________________________________________ > scim mailing list > scim@ietf.org > https://www.ietf.org/mailman/listinfo/scim --Apple-Mail-6F7DB4C5-50C0-4ABD-8A0B-56C07D6FA346 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 7bit
You could use HTTP HEAD to check that the URL is valid. Of course that can still cost if you have to process a lot of photos. But at least it avoids retrieving the actual file. 

Phil

On Jan 30, 2014, at 6:01, David Moebius <d.moebius@tarent.de> wrote:

Hi, 


thanks for your validation of my thoughts.
Than we will check if the given String can be a URL but nothing else.

David


2014-01-29 Leif Johansson <leifj@mnt.se>:
On 2014-01-29 10:19, David Moebius wrote:
Hi,
Not being the author but...


in http://tools.ietf.org/html/draft-ietf-scim-core-schema-02#section-6.2 (photos) you write the String given MUST be an image e.g. a GIF, JPEG, or PNG image file.
I would say it is dangerous only to allow these 3 file types. First of all a lot of other fileformats exist and it could be that tomorrow a great new file format is invented that everyone would like to use.

it sais 'e.g.' because those are example formats, not a complete list.

Because of this I don't want to force the client to provide a String that ends with e.g. .jpg

My problem is how I should be sure that the String given really points to an image. I also don't want to call the provided address and retrieve the image.
you can't unless you deref the URL and then content-type is your friend


For this I would like to allow every String as "picture" and the client itsself has to care about if it is a picture or not.
we want valid URLs, not every type of string. This also includes things like RFC 2397 (data:image)...

What do you think about this?

David


_______________________________________________
scim mailing list
scim@ietf.org
https://www.ietf.org/mailman/listinfo/scim


_______________________________________________
scim mailing list
scim@ietf.org
https://www.ietf.org/mailman/listinfo/scim


_______________________________________________
scim mailing list
scim@ietf.org
https://www.ietf.org/mailman/listinfo/scim
--Apple-Mail-6F7DB4C5-50C0-4ABD-8A0B-56C07D6FA346--