Hi,

I have reviewed this document as part of the OPS area directorate's ongoing
effort to review all IETF documents being processed by the IESG. 

To me the document is: Ready with Nits 

This document defines a set of SCIM Security Events, as extension of what is already defined in [RFC8417], and defines as well an asynchronous communication model. It is well written and easy to follow.

Nits: 

The abstract and introduction may be more clear about the fact that while asynchronous communication is possible, it is not mandatory.

The documents contains a lot of non-ascii characters. I would invite the authors to provide an markdown or xml source that generates ascii-only .txt file and svg figures for the other formats.

The example figures in Section 2 are cited inconsistently in the text (sometimes are cited sometimes not). I would suggest to put explicit references in the text for all figures.

In Section 4 (Security Considerations), in the bullet:

- Avoid use of SCIM PUT (Section 3.5.1 [RFC7644]) operations on large groups as this may require excessive locking in data store systems as well as large Security Event payloads. Use SCIM PATCH (Section 3.5.2) to focus on updating and notifying about changed information.

I wonder whether wouldn't be better to add RECOMMENDED for the use of SCIM PATCH.

Section 6.4, in the reference column of the table add [This Document], to make sure that IANA will add the RFC number of these specifications when published.