SCIM 2.0 Extensions

To be able to provide information and operations on attributes not available in the current SCIM 2.0 Core Schema (RFC 7643), Buypass have defined several extension. The attribute extensions are defined and named according to the https://tools.ietf.org/html/rfc7643#section-3.3 and https://tools.ietf.org/html/rfc7643#section-10.2.

The extensions are generic and can be mixed and included in different OpenID Security Domains. However the different extensions are not necessarily applicable in all cases. Refer to the specific security domain documentation for what extensions that are in use. It is also worth noticing that several of the extensions provide read-only data.

urn:ietf:params:scim:schemas:extension:buypass:fido2:User

This attribute extension provides information about the FIDO2 security devices associated with the user. The attribute data for a given device is read-only. Still, as an administrative task, the device itself can be deleted from the user, preventing further use of the FIDO2 security device.

Example output:

"urn:ietf:params:scim:schemas:extension:buypass:fido2:User" = { "fido2Credentials" : [ { "credentialId" : "", "displayName" : "", "lastUsed" : "", "created" : "" } ] }

Full schema listing is available (if applicable in the security domain) on:

curl -X GET "https://api.buypass.no/SECURITYDOMAIN/scim/v2/Schemas/urn:ietf:params:scim:schemas:extension:buypass:fido2:User" -H "accept: */*"

urn:ietf:params:scim:schemas:extension:buypass:meta:User

This attribute extension provides read-only meta information about a user.

Example output:

"urn:ietf:params:scim:schemas:extension:buypass:meta:User" { "lastSuccessfulLogin" : "", "lastFailedLogin" : "", "loginAttempts" : "" }

Full schema listing is available (if applicable in the security domain) on:

urn:ietf:params:scim:schemas:extension:buypass:nin:User

This attribute extension enable proper format checking of different National Id Numbers (NIN). Using the “issuingCountry” attribute, proper format checks of the “nin” attribute can be done. The “ninType” attribute enable marking of different NIN numbers within the same country (ex. the Norwegian D-Number).

Example output:

Full schema listing is available (if applicable in the security domain) on: