System for Cross-domain Identity Management                      M. Wahl
Internet-Draft                                                 Microsoft
Intended status: Informational                                D. Zollner
Expires: 7 December 2026                                            Okta
                                                               P. Dingle
                                                               Microsoft
                                                             I. Kazzouzi
                                                               Nextident
                                                             5 June 2026


   AI Agent Resource Extension for the System for Cross-domain Identity
                            Management (SCIM)
                   draft-wzdk-scim-agent-resource-00

Abstract

   The System for Cross-domain Identity Management (SCIM) specifications
   are designed to make identity management in cloud-based applications
   and services easier.  This document provides a platform-neutral
   schema for representing AI agents' identities in SCIM JSON format,
   enabling them to be transferred using the SCIM protocol between a
   client and service provider.  This establishes an agentic identity so
   that an agent can subsequently be authenticated and authorized to
   interact with the service.

About This Document

   This note is to be removed before publishing as an RFC.

   Status information for this document may be found at
   https://datatracker.ietf.org/doc/draft-wzdk-scim-agent-resource/.

   Discussion of this document takes place on the System for Cross-
   domain Identity Management Working Group mailing list
   (mailto:scim@ietf.org), which is archived at
   https://mailarchive.ietf.org/arch/browse/scim/.  Subscribe at
   https://www.ietf.org/mailman/listinfo/scim/.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

Wahl, et al.              Expires 7 December 2026               [Page 1]

Internet-Draft            SCIM Agent Resource                  June 2026

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 7 December 2026.

Copyright Notice

   Copyright (c) 2026 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Revised BSD License text as described in Section 4.e of the
   Trust Legal Provisions and are provided without warranty as described
   in the Revised BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Conventions and Definitions . . . . . . . . . . . . . . . . .   3
   3.  Agent Resource Type . . . . . . . . . . . . . . . . . . . . .   3
   4.  Core Schema . . . . . . . . . . . . . . . . . . . . . . . . .   4
     4.1.  Single-valued Attributes  . . . . . . . . . . . . . . . .   4
     4.2.  Multi-valued Attributes . . . . . . . . . . . . . . . . .   4
     4.3.  Agent Resource Schema . . . . . . . . . . . . . . . . . .   5
     4.4.  Updates to Existing Schema  . . . . . . . . . . . . . . .   8
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .   8
     5.1.  Privacy . . . . . . . . . . . . . . . . . . . . . . . . .   8
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   9
     6.1.  New Schema  . . . . . . . . . . . . . . . . . . . . . . .   9
   7.  Normative References  . . . . . . . . . . . . . . . . . . . .   9
   Appendix A.  Changes From Earlier Versions  . . . . . . . . . . .  10
   Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . .  10
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  10
1.  Introduction

   The SCIM protocol [RFC7644] and core schema [RFC7643] are widely
   implemented for provisioning records for users into services.  The
   default schema for those user records includes attributes such as a
   person's name, job title, and email address.  This enables a SCIM
   client to inform a SCIM service provider of a new user, so that the
   user can be identified in and subsequently authenticated to the
   service.  SCIM also enables lifecycle controls for the SCIM client to
   update and remove that user record in that service, and to associate
   that user with groups, roles and entitlements.

   With the growth of agentic AI, agents will also need to be able to
   interact with services.  Some services will require an agent to have
   an identity represented within them in order to interact with
   resources.  The attributes of an agent identity in a SCIM service can
   be different from the attributes of a human user identity.  Similar
   to users, however, an agent's identity can have access rights in the
   service, represented through relationships of the agent's identity
   with groups, roles and entitlements in a service.

   As SCIM is familiar within the enterprise and agents often need the
   same lifecycle signals and group, role or entitlement memberships as
   users, defining a schema to transport agentic identities using the
   SCIM protocol simplifies deployment and enables subsequent
   authentication interactions and consistent controls for those agents'
   identities and access rights.

2.  Conventions and Definitions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.
3.  Agent Resource Type

   This specification defines a new SCIM resource type and an
   accompanying core schema, following the resource type and schema
   conventions of [RFC7643]:

   Agent
      A resource of this type represents an agent's identity to the
      service.  It includes the attributes of an agent's identity that a
      service needs to know.

   Resources of this type are conveyed via the SCIM protocol [RFC7644]
   using JSON [RFC8259].  Extension schemas can be defined to extend
   this resource type, allowing additional attributes.

   The core schema for the Agent resource type is identified by the URI
   "urn:ietf:params:scim:schemas:core:2.0:Agent".  The schema defines
   the attributes described in the following sections.  In addition,
   Agent resources include the common attributes "externalId", "id",
   "meta", and "schemas" as described in Sections 3 and 3.1 of
   [RFC7643].

4.  Core Schema

4.1.  Single-valued Attributes

   The Agent core schema defines the following single-valued
   attributes.  A SCIM service provider that implements this
   specification MUST implement all attributes defined in the core
   Agent schema unless otherwise specified.

   active
      A boolean value indicating the agentic identity's administrative
      status.  A SCIM client can indicate that an agentic identity is to
      be treated as inactive by the service by setting it to false.  The
      definitive meaning of this attribute is determined by the SCIM
      service.  REQUIRED.

   description
      The value of this attribute is a string with the agentic
      identity's human-readable description.

   displayName
      The value of this attribute is a string with the human-readable
      name of the agentic identity, suitable for display to end-users.
      REQUIRED.

   agentUserName
      A string containing a unique identifier for the agent, similar to
      a user's userName or email address.  This value SHOULD be human-
      readable and MUST be unique across all Agent resources in the
      provisioning domain.  REQUIRED.
4.2.  Multi-valued Attributes

   The Agent core schema defines the following multi-valued attributes.

   owners
      A list of the responsible parties for an agentic identity.  Each
      value is a complex type that allows referencing the "id" attribute
      of a user, a group, or other resource already known to the SCIM
      service provider.  Each value has the following sub-attributes.

      value
         The "id" of the SCIM resource representing an owner of an
         agentic identity.  This sub-attribute MUST be included for each
         "owners" value; mutability is "immutable".

      $ref
         The URI of the SCIM resource representing an owner of an
         agentic identity.  RECOMMENDED; mutability is "readOnly".

      displayName
         The displayName of the agentic identity's owner.  OPTIONAL;
         mutability is "readOnly".

4.3.  Agent Resource Schema

   The following is a non-normative example of the Agent resource type
   as returned from the "/ResourceTypes" endpoint, in JSON format.

   {
     "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:ResourceType" ],
     "id": "Agent",
     "name": "Agent",
     "description": "An agent's identity as represented in a SCIM service.",
     "endpoint": "/Agents",
     "schema": "urn:ietf:params:scim:schemas:core:2.0:Agent",
     "meta": {
       "resourceType": "ResourceType",
       "location": "https://example.com/v2/ResourceTypes/Agent"
     }
   }

   The following is a non-normative example of the Agent schema as
   returned from the "/Schemas" endpoint, in SCIM JSON schema format.

   {
     "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:Schema" ],
     "id": "urn:ietf:params:scim:schemas:core:2.0:Agent",
     "name": "Agent",
     "description": "An agent's identity as represented in a SCIM service.",
     "attributes": [
       {
         "name": "active",
         "type": "boolean",
         "multiValued": false,
         "description": "A boolean value indicating the agent's administrative status.",
         "required": true,
         "mutability": "readWrite",
         "returned": "default",
         "uniqueness": "none"
       },
       {
         "name": "description",
         "type": "string",
         "multiValued": false,
         "description": "The agent's human-readable description.",
         "required": false,
         "caseExact": false,
         "mutability": "readWrite",
         "returned": "default",
         "uniqueness": "none"
       },
       {
         "name": "displayName",
         "type": "string",
         "multiValued": false,
         "description": "The human-readable name of the agent, suitable for display to end-users.",
         "required": true,
         "caseExact": false,
         "mutability": "readWrite",
         "returned": "default",
         "uniqueness": "none"
       },
       {
         "name": "agentUserName",
         "type": "string",
         "multiValued": false,
         "description": "A unique identifier for the agent, similar to a userName or email address.",
         "required": true,
         "caseExact": false,
         "mutability": "readWrite",
         "returned": "default",
         "uniqueness": "server"
       },
       {
         "name": "owners",
         "type": "complex",
         "multiValued": true,
         "description": "A list of the responsible parties for this agent.",
         "required": false,
         "mutability": "readWrite",
         "returned": "default",
         "uniqueness": "none",
         "subAttributes": [
           {
             "name": "value",
             "type": "string",
             "multiValued": false,
             "description": "The \"id\" of the SCIM resource representing an owner of this agent.",
             "required": true,
             "caseExact": false,
             "mutability": "immutable",
             "returned": "default",
             "uniqueness": "none"
           },
           {
             "name": "$ref",
             "type": "reference",
             "referenceTypes": ["User", "Group", "Agent"],
             "multiValued": false,
             "description": "The URI of the SCIM resource representing an owner of this agent.",
             "required": false,
             "caseExact": true,
             "mutability": "readOnly",
             "returned": "default",
             "uniqueness": "none"
           },
           {
             "name": "displayName",
             "type": "string",
             "multiValued": false,
             "description": "The displayName of the agent's owner.",
             "required": false,
             "caseExact": false,
             "mutability": "readOnly",
             "returned": "default",
             "uniqueness": "none"
           }
         ]
       }
     ],
     "meta": {
       "resourceType": "Schema",
       "location": "https://example.com/v2/Schemas/urn:ietf:params:scim:schemas:core:2.0:Agent"
     }
   }

   The following is a non-normative example of an Agent resource
   instance in JSON format.

   {
     "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:Agent" ],
     "id": "95cfaafb-0827-4c60-8236-523ad04b3cba",
     "displayName": "Agent for tour guides",
     "agentUserName": "tour-guide-agent",
     "active": true,
     "externalId": "67890",
     "meta": {
       "resourceType": "Agent"
     }
   }

4.4.  Updates to Existing Schema

   To allow an agentic identity to be a member of a group, this memo
   augments the definition of the "members" attribute of [RFC7643] as
   follows:

   *  allow the referenceTypes of the members "$ref" sub-attribute to
      also refer to an Agent resource

   *  allow the canonicalValues of the members "type" sub-attribute to
      also allow for "Agent"
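   The following is an added example and is not code from this draft or
   from its authors.  It sketches how a service provider would apply the
   rules of Sections 3, 4.1 and 4.2 when an Agent resource is created
   (the required single-valued attributes, server-enforced uniqueness of
   "agentUserName", an "owners.value" that must resolve to a resource the
   provider already knows, and the readOnly "$ref" and "displayName"
   sub-attributes being derived by the server rather than accepted from
   the client), together with the Section 4.4 change that lets a Group's
   "members" carry an Agent.  The seeded store contents, the base URL,
   the AgentService/ScimError names, and the HTTP status plus scimType
   chosen for each rejection (following the error conventions of
   [RFC7644]) are all constructed assumptions of this example.

```python
"""In-memory service-provider handling for the SCIM Agent resource type.

Added example for this draft, not code from the draft or its authors.
Assumptions (constructed): the seeded store contents, the base URL, and
the HTTP status plus RFC 7644 scimType used for each rejected request.
"""
import uuid

AGENT_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:Agent"
OWNER_REF_TYPES = ("User", "Group", "Agent")  # owners.$ref referenceTypes
MEMBER_TYPES = ("User", "Group", "Agent")     # members.type, with "Agent" added
BASE = "https://example.com/v2"               # constructed base URL


class ScimError(Exception):
    """A rejected request: HTTP status, RFC 7644 scimType (or None), detail."""

    def __init__(self, status, scim_type, detail):
        super().__init__(detail)
        self.status, self.scim_type, self.detail = status, scim_type, detail


class AgentService:
    def __init__(self):
        # Constructed pre-existing resources keyed by SCIM "id";
        # each entry is (resourceType, resource).
        self.store = {
            "2819c223-7f76-453a-919d-413861904646": ("User", {
                "id": "2819c223-7f76-453a-919d-413861904646",
                "displayName": "Babs Jensen"}),
            "e9e30dba-f08f-4109-8486-d5c6a331660a": ("Group", {
                "id": "e9e30dba-f08f-4109-8486-d5c6a331660a",
                "displayName": "Tour Guides", "members": []}),
        }

    @staticmethod
    def location(rtype, rid):
        return f"{BASE}/{rtype}s/{rid}"  # /Users, /Groups, /Agents

    def resolve_owner(self, owner):
        """Turn a client-supplied owners value into a server-controlled one."""
        oid = owner.get("value") if isinstance(owner, dict) else None
        if not oid:
            raise ScimError(400, "invalidValue", "owners.value is required")
        entry = self.store.get(oid)
        if entry is None or entry[0] not in OWNER_REF_TYPES:
            raise ScimError(400, "invalidValue", f"unknown owner {oid!r}")
        rtype, resource = entry
        # "$ref" and "displayName" are readOnly: anything the client sent is
        # ignored and the server derives them from the referenced resource.
        return {"value": oid, "$ref": self.location(rtype, oid),
                "displayName": resource.get("displayName")}

    def create_agent(self, body):
        """POST /Agents: check the core Agent schema, then persist."""
        if AGENT_SCHEMA not in body.get("schemas", []):
            raise ScimError(400, "invalidValue", "Agent schema URI missing")
        if not isinstance(body.get("active"), bool):
            raise ScimError(400, "invalidValue", "active must be a boolean")
        for name in ("displayName", "agentUserName"):
            if not isinstance(body.get(name), str) or not body[name].strip():
                raise ScimError(400, "invalidValue", f"{name} is required")
        # uniqueness "server" with caseExact false: this example compares
        # agentUserName case-insensitively against every stored Agent.
        wanted = body["agentUserName"].casefold()
        for rtype, res in self.store.values():
            if rtype == "Agent" and res["agentUserName"].casefold() == wanted:
                raise ScimError(409, "uniqueness", "agentUserName already in use")
        rid = str(uuid.uuid4())
        agent = {
            "schemas": [AGENT_SCHEMA],
            "id": rid,
            "displayName": body["displayName"],
            "agentUserName": body["agentUserName"],
            "active": body["active"],
            "owners": [self.resolve_owner(o) for o in body.get("owners", [])],
            "meta": {"resourceType": "Agent",
                     "location": self.location("Agent", rid)},
        }
        for optional in ("description", "externalId"):
            if optional in body:
                agent[optional] = body[optional]
        self.store[rid] = ("Agent", agent)
        return agent

    def add_group_member(self, group_id, member_id):
        """Add one members value to a Group; "Agent" is now a valid type."""
        entry = self.store.get(group_id)
        if entry is None or entry[0] != "Group":
            raise ScimError(404, None, f"group {group_id!r} not found")
        mtype, member = self.store.get(member_id, (None, None))
        if mtype not in MEMBER_TYPES:
            raise ScimError(400, "invalidValue", f"unknown member {member_id!r}")
        value = {"value": member_id, "$ref": self.location(mtype, member_id),
                 "type": mtype, "display": member.get("displayName")}
        entry[1]["members"].append(value)
        return value
```

   A client that sends its own "$ref" or "displayName" inside an owners
   value gets them overwritten from the provider's copy of the referenced
   resource, which is what "readOnly" mutability implies; a client that
   omits "value" is rejected outright, since the draft makes that
   sub-attribute REQUIRED.  The case-insensitive comparison used for
   "agentUserName" is this example's reading of "caseExact": false
   combined with server uniqueness, not a rule stated by the draft.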
5.  Security Considerations

   SCIM data is intended to be exchanged using the SCIM protocol.  When
   handling this data it is important to implement the security
   considerations outlined in Section 7 of [RFC7644].

5.1.  Privacy

   The text of this privacy section is derived from the corresponding
   privacy section of [RFC7643].

   Information should be shared on an as-needed basis.  A SCIM client
   should limit information to what it believes a SCIM service requires,
   and a SCIM service should only accept information it needs.

   Clients and servers should take into consideration that sensitive
   information is being conveyed across technical (e.g., protocol and
   applications), administrative (e.g., organizational, corporate), and
   jurisdictional boundaries.  In particular, information security and
   privacy must be considered.  Security service level agreements for
   the handling of these attributes are beyond the scope of this
   document but are to be carefully considered by implementers and
   deploying organizations.

   Please see the Privacy Considerations section of [RFC7644] for more
   protocol-specific considerations regarding the handling of SCIM
   information.

6.  IANA Considerations

6.1.  New Schema

   When published as an RFC, IANA is requested to add the following
   entry to the "SCIM Schema URIs for Data Resources" registry
   established in [RFC7643]:

   +=============================================+=======+============+
   | URN                                         | Name  | Reference  |
   +=============================================+=======+============+
   | urn:ietf:params:scim:schemas:core:2.0:Agent | Agent | This memo, |
   |                                             |       | Section 3  |
   +---------------------------------------------+-------+------------+

                                 Table 1

7.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC7643]  Hunt, P., Ed., Grizzle, K., Wahlstroem, E., and C.
              Mortimore, "System for Cross-domain Identity Management:
              Core Schema", RFC 7643, DOI 10.17487/RFC7643, September
              2015.

   [RFC7644]  Hunt, P., Ed., Grizzle, K., Ansari, M., Wahlstroem, E.,
              and C. Mortimore, "System for Cross-domain Identity
              Management: Protocol", RFC 7644, DOI 10.17487/RFC7644,
              September 2015.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8259]  Bray, T., Ed., "The JavaScript Object Notation (JSON) Data
              Interchange Format", STD 90, RFC 8259,
              DOI 10.17487/RFC8259, December 2017.

Appendix A.  Changes From Earlier Versions

   This is the initial version of this draft.

Acknowledgments

   The editor would like to acknowledge the contribution and work of the
   authors of the SCIM RFCs [RFC7643] and [RFC7644] and of other SCIM
   Internet-Drafts, the participants of the IETF SCIM WG, and the SCIM
   Community.

Authors' Addresses

   Mark Wahl
   Microsoft
   Email: mwahl@microsoft.com


   Danny Zollner
   Okta
   Email: danny.zollner@okta.com


   Pamela Dingle
   Microsoft
   Email: pamela.dingle@microsoft.com


   Ismael Kazzouzi
   Nextident
   Email: ismael@nextident.ai